Building the business case for an ISMS

Information Security Management Systems offer a compelling RoI
Having a professional Information Security Management System (ISMS) that follows a recognised standard like ISO 27001:2013/17 can be a big investment. However the benefits from the ISMS can easily outweigh the cost. In fact the Return on Investment (RoI) can be much more attractive than most business growth initiatives, especially if new business or organisation survival is dependent on having an ISMS that stakeholders can trust or it’s required to meet a regulation.

The challenge for some organisations is working that RoI out and seeing information security management as a useful place to invest. It’s often considered a grudge purchase by leaders who are less experienced in the topic.  However with powerful stakeholders becoming more nervous about supply chain risk, increasing regulation and growing threats from cybercrime, doing nothing is not an option.

We have produced a comprehensive whitepaper on how to build the business case for an ISMS.  It takes the reader from some of the fundamentals for planning the case through to addressing more significant issues for organisations. Organisations that are truly serious about information security management can now more easily calculate the costs, benefits and consequences to show the ISMS RoI.

Get the white paper now

An overview of what’s included in the paper

  • Executive summary
  • Three reasons why nothing happens
  • A point on people
  • In considering the technology 
  • What is an ISMS?
  • What are the components of an ISMS?
  • Why do organisations need an ISMS?
  • Is your organisation leadership ready to support an ISMS? 
  • Developing the business case for an ISMS
  • Benefits to realise – Achieving returns from the threats and opportunities
  • Stakeholder expectations for the ISMS given their relative power and interest
  • Scoping the ISMS to satisfy stakeholder interests 
  • GDPR focussed work
  • Doing other work for broader security confidence and assurance with higher RoI
  • Work to get done for ISO 27001:2013/17
  • Build or buy – Considering the best way to achieve ISMS success
  • Understanding the components of an ISMS solution
  • The people involved in the ISMS
  • The characteristics of a good technology solution for your ISMS
  • Whether to build or buy the technology part of the ISMS
  • The core competences of the organisation, costs versus opportunity costs 
  • In conclusion


Want to learn more?

100% Privacy, 0% Spam

ISMS Online Rating: 5 out of 5
Share This