The research aims to measure the gap between the actual reality of the information security management system and the requirements of the information security management system according to the ISO 27001:2022 standard. The research problem revolves around the weakness of banking transactions and slow service delivery, in addition to some failures in storing customer information for long periods, which raises customer concerns about the bank's ability to maintain the security of their information. Elaf Islamic Bank was chosen as a practical field reality for conducting the research. The research also relied on a set of statistical tools, including (weighted arithmetic mean, measuring the extent of conformity, and determining the gap percentage). The research reached several results, including the lack of awareness among bank employees of the importance of information security and the bank's lack of a dedicated internal audit department for information security management. The gap between the actual implementation and the specification requirements reached 58.72%, which means there is a large gap between the bank's actual reality and the specification requirements.