This document discusses implementing an Information Security Management System (ISMS) based on the ISO27001:2005 standard. It focuses on performing a risk assessment to identify risks, controlling access to information assets, and auditing the security of the system and technology. It also mentions asset valuation and calculating risk scores.