An ISMS is for life, not just for Christmas, so adopt a sustainable approach.
What is the best way to achieve ISMS success?
We have considered the threats & opportunities, where benefits might arise, and the stakeholder’s expectations from the ISMS. That has led to the ISMS deliverables and what work needs to get done as part of the solution.
As long as the organisation is serious about security and goes beyond the tick-box mentality It is probably clear by now that doing nothing is not an option. The RoI is high whichever implementation path is taken. It is now time to consider the best way to achieve the goals and how to put in place the ISMS itself.
As part of business case cost building it’s generally a build versus buy options analysis. Like the benefits / return analysis earlier this investment consideration can be done at whatever level is required for the organisation to feel confident about its decision. In the next section we look at factors to consider in build versus buy decision making.
What are the key considerations when building the business case for an ISMS?
- A growing challenge
- Three reasons why nothing happens
- The return on investment from information security management
- A point on people
- In considering the technology
- What is an ISMS?
- What are the components of an ISMS?
- Why do organisations need an ISMS?
- Is your organisation leadership ready to support an ISMS?
- Developing the business case for an ISMS
- Benefits to realise – Achieving returns from the threats and opportunities
- Evaluating the threats
- Identifying the opportunities
- Stakeholder expectations for the ISMS given their relative power and interest
- Scoping the ISMS to satisfy stakeholder interests
- GDPR focused work
- Doing other work for broader security confidence and assurance with higher RoI
- Work to get done for ISO 27001:2013/17
- Build or buy – Considering the best way to achieve ISMS success
- The people involved in the ISMS
- The characteristics of a good technology solution for your ISMS
- Whether to build or buy the technology part of the ISMS
- The core competences of the organisation, costs and opportunity costs
- In conclusion