This Recommendation provides the information security management framework (ISMF). ISMF maps the controls defined by [ITU-T X.1051] to the practical implementation methodologies by defining a set of management areas@ such as asset management@ incident management@ risk management@ policy management and others. This Recommendation gives an overview of the framework and analyses the relationships between these areas. The specific guidelines of each area defined in this Recommendation are provided in a series of other ITU-T Recommendations.