Security management is the identification of an organization’s assets (including people, buildings, machines, systems and information assets), followed by the development, documentation, and implementation of policies and procedures for protecting these assets. An organisation uses such security management procedures as asset and information classification, threat assessment, risk assessment, and risk analysis to identify threats, categorise assets, and rate system vulnerabilities so that they can implement effective controls.