With the advance of electronic commerce more and more companies have become dependent on their information systems for their daily business operations. This dependency requires the security of these systems to be managed. This paper presents a holistic security management framework that should allow for easy and affordable security management. This process framework is described by hierarchically organized processes which allow for a business, technology and social driven security management. It presents the activities involved in the five core and two support processes which are conducted iteratively. To support this framework three cases of successful applications and an informal evaluation against SSE-CMM are presented.