Bringing information security deliberately under overt management control is a central principle throughout the ISO/IEC 27000 series of standards.
The target audience is users of the remaining ISO/IEC 27000-series information security management standards.
Information security, like many technical subjects, is evolving a complex web of terminology.
Relatively few authors take the trouble to define precisely what they mean, an approach which is unacceptable in the standards arena as it potentially leads to confusion and devalues formal assessment and certification.