An Information Security Management System (ISMS) involves implementing and maintaining processes to efficiently manage the protection of information and, in doing so, ensuring its integrity, confidentiality and availability. You may implement guidelines set out in ISO 27001, COBIT, NIST or in any other similar framework or you may even create your own management system. What matters in order to make ISMS efficient is to consider all these factors of the cycle.