Building on this foundation we constructed the ISO 27001 metamodel and evaluated it semantically in prior work [14, 15]. In the next chapter the metamodel will be presented again before it is tested for its applicability in information security management processes.