According to the relevance of the existing information's role in various companies, competent management is required to ensure the security of that information. The information security refers to protecting information and minimizing unauthorized access to it. Management system of the information security means the information security of a part of general and overall information security in an organization that is based on business risks’ approach and aims to establish, implement, operate, monitor, verify, maintain and improve information security. In this study, we have tried to introduce information security management system, types of threatening risks of information systems and also introduce and offer proper ways to maintain information security of each organization and then work on necessary requirements in order to design information security system and phases of implementing management system of information security.