As part of a case study I'm working on, I need to describe a plan of action and the expected impact on the SW engineering dept of a digital banking company. The new CISO decided to introduce an ISO27001 ISMS and aims for the certification in 3 years. I have been tasked with implementing this framework in the SW engineering dept.
Can you help me structure the main guidelines and controls I should look at? I can make assumptions of course, but I'm not really sure how best to tackle it.