Information security management is the practice that focuses on protecting an organization's information and managing associated risks. This includes ensuring the confidentiality, integrity, and availability of information, as well as managing authentication and non-repudiation. Authentication verifies the identity of users, while non-repudiation ensures that a party cannot deny the authenticity of their signature on a document or a message that they sent.