This International Standard gives guidelines for organizational information security standards and information security management practices including the selection@ implementation and management of controls taking into consideration the organization's information security risk environment(s). This International Standard is designed to be used by organizations that intend to: a) select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;[10] b) implement commonly accepted information security controls; c) develop their own information security management guidelines