Security Management aims to ensure the confidentiality, integrity, and availability of configuration item (CI)s.  All managed configuration items must have security via security controls.  The determination of these controls is through the identification of risk management.