This document outlines an information security management standard with 18 sections and 114 controls organized under 14 groups. The standard provides guidance on security policies, asset management, access control, cryptography, physical security, operations, systems development, supplier relationships, communications, incident management, business continuity, and compliance. It was authored by Jason P. Rusch and references ISO/IEC 27001 and 27002 for information security standards.