This workshop presents an Information Security Management System (ISMS) that can be certified by a certification authority. It explains how the ISO international reference standards on information security are organised. Special attention is paid to the requirements of ISO/IEC 27001 and to the structure and content of standards such as ISO/IEC 27002 (Code of practice for information security management), ISO/IEC 27005 (Risk management in relation to information security) and ISO/IEC 27006 (Requirements for organisations performing audits and delivering certification of information security management systems). Other industry standards, such as ISO/IEC 27799 (Information security management in the health sector) or ISO/IEC 27010 (Information security management of cross-sectorial and inter-organisational communication), can be featured depending on the specific requirements of the participants.

Target audience: (1) decision makers in charge of security aspects, including CEOs, CIOs and Asset Managers; (2) CISOs and Risk Managers; (3) auditors and compliance officers.