Georgia State University is one of the first universities in the world to embrace the ISO 27001:2005 standard for establishing an Information Security Management System (ISMS). Although it has been immensely challenging, this systematic/disciplined approach of empowering people, processes, and technology is helping us to develop a World Class ISMS. This panel session will discuss the development of an enterprise ISMS at GSU based on risk management, the ISO 27001 certification process, and briefly touch on the Holistic Information Security Practitioner certification (HISP).