Just as people don't have to start preparing for the end of the world just because of the existence of a global seed bank.
The mitigation method is chosen largely depends on which of the seven information technology (IT) domains the threat and/or vulnerability resides in.
The ISO/IEC 27000 family represents some of the most well-known standards governing information security management and their ISMS is based on global expert opinion.
They lay out the requirements for best "establishing, implementing, deploying, monitoring, reviewing, maintaining, updating, and improving information security management systems.
"[3][4] ITIL acts as a collection of concepts, policies, and best practices for the effective management of information technology infrastructure, service, and security, differing from ISO/IEC 27001 in only a few ways.