This post is also available in: Deutsch (German)
Do you want to establish an ISMS organization or do you doubt its effectiveness? In the nineties I built up and co-developed the first ISMS organizations. Many ISMS organizations are too cumbersome and cannot achieve their main goal, which is to improve the security level in the organization. If you blindly rely on the established standards such as ISO 27001/2, the effort will far exceed the benefit. I try to work with the stakeholders to find the ISMS organization that their company really needs.
Of course, I am also happy to prepare them for certification based on ISO 27001.