Depending on what the ISMS is aiming to achieve, the scope of the ISMS will vary.
At a minimum the organisation needs to follow applicable legislation and regulation, with examples of increasing demands for regulation based jobs seen in NYDFS 23500 from the New York Department of Financial Services for cyber security, and Network Information Services (NIS) Directive to protect essential services.
GDPR is also one of the most comprehensive and popular examples of regulation to comply with right now. Doing that well helps go towards the achievement of many other security standards too.
An ISMS delivers a positive return on investment. The goal of our whitepaper is to show you why, what, and how you can get RoI from an ISMS that fits the business needs.