Annotation: This paper describes how with the proper approach to the management of information security (CRAMM ( CRAMM (CCTA’s Risk Analysis and Management Method) was created in 1987 by the Central Computing and Telecommunications Agency (CCTA) of the United Kingdom government. CRAMM is currently on its fifth version, CRAMM Version 5.0. It comprises three stages, each supported by objective questionnaires and guidelines. The first two stages identify and analyze the risks to the system.), ISMS ( ISMS (Information Security Management System) is, as the name suggests, a set of policies concerned with information security management. The idiom arises primarily out of ISO/IEC 27001.), ISM Cube ( ISM Cube (ISM3) is a a framework for Information Security Management Systems. ISM3 looks at defining levels of security that are appropriate to the business mission and render a high return on investment. URL: http://www.ism3.com/ (09.04.2009)) etc.) ensure optimal security of information systems. Consistency with the requirements established by the protection of informations and datas to the law with evaluation of security systems and with experimental methodologies.