...
A guide on how to establish and implement an ISMS and the run of your ISMS (the CISO's planning for the year)
To make a yearly plan:
The CISO should make his own plan, implement it in the company, check internal (f.i. business) external (f.i. law) changes, check compliancy and make a plan for the next year to implement findings out of the evaluation.
...