Overview of the state and trends in the contemporary information security policy and information security management methodologies

The overview of the field of information security (IS) policy and IS management methodologies is given in the paper. Key terms of the field are defined and contemporary trends of development are described. The need for the establishment of the IS governance level is analyzed, as well as the link between governance level and the security programs that are the basis for the implementation of information security management system (ISMS). The systemic security management model is described, where security is considered as a dynamically interconnected, multidimensional activity. Specifics of the contemporary IS policy and ISMS methodologies are determined in the context of the traditional IS policy approach that is typical for Government sectors, but also in the context of security programme frameworks established by the contemporary IS standards. The role of security metrics in the field of IS management is described, as well as the importance of metrics at the corporate and the operational management level.