In this research, an Information Security Management System (ISMS) was designed to be applied in the management process of technological infrastructure management of a school located in Cartagena de Indias (Colombia). The above allowed to identify assets to be considered by the organization in the application of a management system appropriate to its policies through the approach of ISO 27001 and the MAGERIT methodology. Risk analyzes and evaluations were carried out, showing the protection mechanisms in addition to the characterization and weighting of the assets, threats, and safeguards involved in the infrastructure management of the school. The results obtained show control mechanisms and security policies that provide solutions to the threats found: unintended use of infrastructure, system crash due to resource depletion, denial of service, and unauthorized access, which represent a high level of risk in the school, framed in the cycle of continuous improvement.