Group of correlated and interacting elements (organized structure, policies, activities planning, responsibilities, processes, procedures and resources) that an organization uses to establish a policy and objectives of security of the information and fulfils those objectives, based on an approach of risk management and continued improvement.
