The purpose of an Information Security Management System (ISMS) is to systematically manage and protect a company's information by implementing a set of information security rules, responsibilities, and controls. It aims to ensure compliance with laws, reduce costs due to incidents caused by information compromise, and align information security objectives with the strategic direction of the company.