This study offers a comprehensive examination of hypothetical concepts related to the behaviors, attitudes, outcomes, processes, experiences, manifestations and indicators connected with an organization's design, implementation and management of a coherent set of policies, procedures and systems to manage risks to its information assets. We introduce network analysis tools as a novel approach to highlight the construct relationships found in Information Security Management Systems (ISMS) literature published in the new millennium. Descriptive results display a significant expansion in the research of ISMS-related phenomena. Network analyses showcase the critical influence of certain constructs in scholarly publications as well as the most salient relationships among these constructs.Our study provides a gap analysis that also underscores those constructs that may require further exploration by this stream of research.