What is the primary purpose of an Information Security Management System (ISMS) as defined by ISO/IEC 27001?