Farmavita.Net - Pharmaceutical Licensing Network

Management Practice
Written by Sanjay J Daharwal   
The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management:

  • security policy;
  • organization of information security;
  • asset management;
  • human resources security;
  • physical and environmental security;
  • communications and operations management;
  • access control;
  • information systems acquisition, development and maintenance;
  • information security incident management;
  • business continuity management;
  • compliance.

Security policy: Adopting a security process that outlines an organization's expectations for security, which can then demonstrate management’s support and commitment to security.

Security organization: Having a management structure for security, including appointing security coordinators, delegating security management responsibilities and establishing a security incident response process.

Business continuity management: Planning for disasters--natural and man-made--and recovering from them.

Asset classification and control: Conducting a detailed assessment and inventory of an organization's information infrastructure and information assets to determine an appropriate level of security.

Personnel security: Making security a key component of human resources and business operations. This includes writing security expectations into job responsibilities (IT admins and end users), screening new personnel for criminal histories, using confidentiality agreements when dealing with sensitive information and having a reporting process for security incidents.

Physical and environmental security: Establishing a policy that protects the IT infrastructure, physical plant and employees. This includes controlling building access, having backup power supplies, performing routine equipment maintenance and securing off-site equipment.

“It contains 71 Pages of Security Management Goodness the main highlighting features are.”

The control objectives and controls in ISO/IEC 17799:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 17799:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.


 