ISMS Business Case Builder - A Point on People
The People Involved in the ISMS
In considering the people, have in mind the following:
3 Cs: Capacity, Capability and Confidence. The people involved need the capacity to get the work done, the capability to perform the jobs and the confidence to know what to do.
External support can be great to help with any of the 3Cs but before choosing a third party also consider the use of technology to ensure you have visibility, transparency, sustainability and lowest total cost of operation. Good technology helps with capacity, capability and confidence too, freeing up any specialist resources to focus on the thorny and specific needs of the organisation.
An ISMS delivers a positive return on investment. The goal of our whitepaper is to show you why, what, and how you can get RoI from an ISMS that fits the business needs.
You can download it now to share with colleagues or work through the considerations online using the index below.
What are the key considerations when building the business case for an ISMS?
- A growing challenge
- Three reasons why nothing happens
- The return on investment from information security management
- A point on people
- In considering the technology
- What is an ISMS?
- What are the components of an ISMS?
- Why do organisations need an ISMS?
- Is your organisation leadership ready to support an ISMS?
- Developing the business case for an ISMS
- Benefits to realise - Achieving returns from the threats and opportunities
- Evaluating the threats
- Identifying the opportunities
- Stakeholder expectations for the ISMS given their relative power and interest
- Scoping the ISMS to satisfy stakeholder interests
- GDPR focused work
- Doing other work for broader security confidence and assurance with higher RoI
- Work to get done for ISO 27001:2013/17
- Build or buy - Considering the best way to achieve ISMS success
- Understanding the components of an ISMS solution
- The people involved in the ISMS
- The characteristics of a good technology solution for your ISMS
- Whether to build or buy the technology part of the ISMS
- The core competences of the organisation, costs and opportunity costs
- In conclusion