What other work can be done for broader security confidence & assurance?
Forward thinking organisations are looking beyond just protecting personal data. They are seeing the value of following recognised frameworks such as ISO 27001:2013, or NIST Cyber Security. A benefit of this approach is being able to more easily demonstrate to stakeholders you can be trusted, and smarter buyers will understand the work you are doing too.
ISO 27001:2013 is even better because you can (if desired) also achieve an independent highly respected certification that helps demonstrate your commitment for stakeholders.
Reflect back on the analysis from the threats and opportunities work earlier. It will almost certainly deliver a higher return on investment (RoI) by extending the scope of information and adopting a recognised framework despite there being a bit more work to do as well.
ISO 27001:2013 has additional work beyond that required for GDPR however there are also lots of synergy areas too. As such, depending on stakeholder expectations (now and in the future) it can make sense to future proof a GDPR investment with an intent towards achieving ISO 27001:2013 as well.
An ISMS delivers a positive return on investment. The goal of our whitepaper is to show you why, what, and how you can get RoI from an ISMS that fits the business needs.
The key considerations when building the business case for an ISMS?
- 1Building the business case for an ISMS
- 3The Challenge is Growing
- 4Three Reasons Why Nothing Happens
- 5Planning the business case for an ISMS
- 6A Point on People
- 7In Considering The Technology
- 8What is an ISMS?
- 9Understanding the Components of an ISMS
- 10The People Involved in the ISMS
- 11Why Do Organisations Need An ISMS?
- 12Is Your Organisation Leadership Ready to Support an ISMS?
- 13Developing the Business Case for an ISMS
- 14Achieving Returns from the Threats and Opportunities
- 15Stakeholder Expectations for the ISMS given their Relative Power and Interest
- 16Scoping the ISMS to Satisfy Stakeholder Interests
- 17GDPR Focused Work
- 18The Return on Investment from Information Security Management
- 19Doing Other Work for Broader Security Confidence & Assurance with Higher RoI
- 20Build or Buy – Considering the Best Way to Achieve ISMS Success
- 21The characteristics of a good technology solution for your ISMS
- 22Whether to Build or Buy the Technology Part of the ISMS
- 23The Core Competences of the Organisation, Costs and Opportunity Costs
- 24Evaluating The Threats
- 25Identifying The Opportunities
- 26Work To Get Done for ISO 27001
- 27In Conclusion