1. ISO/IEC 27000:2018, Information technology — Security techniques — Information security management systems — Overview and vocabulary.
Section 3.29: Defines an Information Security Management System (ISMS) as "part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security." This definition highlights the role of the ISMS as a comprehensive, coherent system.
2. Calder, A., & Watkins, S. (2019). IT Governance: An International Guide to Data Security and ISO 27001/ISO 27002 (7th ed.). Kogan Page.
Chapter 8, "What is an ISMS?": This chapter explains that an ISMS is a "systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process." This systematic approach is what makes the ISMS coherent.
3. University of Oslo (UiO), Center for Information Technology (USIT). (n.d.). Information Security Management System (ISMS) at UiO.
The documentation describes the ISMS as the "framework of policies, processes, tasks, and technologies that help protect UiO's information assets." This illustrates how a university implements an ISMS to ensure coherent security practices across the institution.