What do I do?
Doing nothing is probably not an option any longer for organisations that want to be seen as serious about information security management. Deciding whether to purchase a new firewall or implement an ISMS with the current IT budget misses the point of a more holistic approach to protecting and enhancing organisational value.
Forces for change are growing, and powerful stakeholder expectations are increasingly driving towards a more professional ISMS. They already expect you to have a firewall, and are now expecting you to strategically do even more to protect their valuable information.
Treating ISMS as an investment for return rather than just a cost is a great way to help unsure, resistant or laggard leaders to understand the benefits. This document has set out to identify the key areas for consideration as you build that business case.
One size doesn’t fit all, of course, so if you need more help, get in touch with our team at ISMS.online. They or one of our partners will be pleased to assist.
Suggested further reading:
- ISMS.online Blog
- 5 Steps to Success for GDPR
- ISO 27001: Statement of Applicability (SoA) – The Complete Guide
An ISMS delivers a positive return on investment. The goal of our whitepaper is to show you why, what, and how you can get RoI from an ISMS that fits the business needs.
What are the key considerations when building the business case for an ISMS?
- A growing challenge
- Three reasons why nothing happens
- The return on investment from information security management
- A point on people
- In considering the technology
- What is an ISMS?
- What are the components of an ISMS?
- Why do organisations need an ISMS?
- Is your organisation leadership ready to support an ISMS?
- Developing the business case for an ISMS
- Benefits to realise – Achieving returns from the threats and opportunities
- Evaluating the threats
- Identifying the opportunities
- Stakeholder expectations for the ISMS given their relative power and interest
- Scoping the ISMS to satisfy stakeholder interests
- GDPR focused work
- Doing other work for broader security confidence and assurance with higher RoI
- Work to get done for ISO 27001:2013/17
- Build or buy – Considering the best way to achieve ISMS success
- The people involved in the ISMS
- The characteristics of a good technology solution for your ISMS
- Whether to build or buy the technology part of the ISMS
- The core competences of the organisation, costs and opportunity costs
- In conclusion