Information is the key asset of all organizations and can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by mail or by electronic means, shown in films, or spoken in conversation. In today's competitive business environment, such information is constantly under threat from many sources, which can be internal, external, accidental, or malicious. Joomla is a very popular Content Management System (CMS) used for web page maintenance. This highly versatile software is used in both large corporate web portals and simple web pages such as blogs. Such popularity increases its vulnerability to potential attacks, and it therefore needs appropriate security management. ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) created a series of standards aimed at providing a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). This paper shows how the principles set in the ISO/IEC 27000 series of standards can be used to improve the security of Joomla-based web portals.