What are the costs of an ISMS?

Hello List,

I do have a broad and a rather non-technical question: What are the costs of implementing and operating an Information Security Management System in medium- and large-sized enterprises?

More specifically:
- How many FTEs should be assigned to the CISO/Information Security Department (per number of employees/IT-employees)?
- How many FTEs should be working on operating the ISMS?

I know this depends also on a number of other factors like the
current IT security maturity level and nature of the business.

It would be really helpful you can comment on these questions.

I'm looking forward to having a constructive discussion.

Thank you,

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.