Information Security Management according to ISO / IEC 27001