Businesses in any country are vulnerable to cyber threats. The rise of Internet of Things, cloud computing, and communication platforms contributed to a drastic increase in those threats. Therefore, it is of importance to address the threats and risks that businesses face. Considering the significance of this situation, this paper aims to provide a theoretical understanding of cyber security management for businesses via literature review. Research framework in this work consists of three steps, (i) Cyber security risk management frameworks, (ii) Cyber security management measures, and (iii) Cyber security culture. Cyber security risk management frameworks can be adopted on the strategic level, and cyber security risk management measures can be used on the practical level. If these are taken successfully, cyber security culture is to be cultivated for the perpetuation of cyber security management within a business. In this paper, first, various models and elements of the frameworks and measures are explained, and second, a balanced approach is discussed in order to make a success of cyber security management. It is expected to lay the foundation for conceptualisation of cyber security management.