This document analyzes studies on automation in the field of information security management. It finds that about 30% of the 133 controls from ISO 27001 can be automated using existing security software tools. It also discusses how the Security Content Automation Protocol (SCAP) can automate compliance and security configuration checking. SCAP provides a standardized way for security software to communicate information about vulnerabilities and configurations. The document concludes that while some isolated automation approaches exist, integrating these approaches can help organizations maximize the benefits of automation in their information security management systems.