A good ISMS technology solution should be right at the heart of the ISMS.
When combined with the people involved, the whole ISMS is much more easily trusted by those stakeholders. Technology can not only help to address Confidence, Capacity and Capability issues for the people involved, it will speed time to success, improve visibility, ease coordination, reduce risk and lower the total cost of ownership.
It also helps any external experts you bring in focus on the more specific and challenging parts of your solution.
At a time when it has never been easier or cheaper to throw up a wiki page, build a website, market a service or cobble some code together to solve part of the problem, it is also important to carefully consider what good looks like from a technology solution.
This list, coupled with the more specific work to get done (as outlined earlier) then becomes your checklist from which to determine whether you should consider building or buying. It is also the specification from which to compare technology solutions on the market.
What are the key considerations when building the business case for an ISMS?
- A growing challenge
- Three reasons why nothing happens
- The return on investment from information security management
- A point on people
- In considering the technology
- What is an ISMS?
- What are the components of an ISMS?
- Why do organisations need an ISMS?
- Is your organisation leadership ready to support an ISMS?
- Developing the business case for an ISMS
- Benefits to realise – Achieving returns from the threats and opportunities
- Evaluating the threats
- Identifying the opportunities
- Stakeholder expectations for the ISMS given their relative power and interest
- Scoping the ISMS to satisfy stakeholder interests
- GDPR focused work
- Doing other work for broader security confidence and assurance with higher RoI
- Work to get done for ISO 27001:2013/17
- Build or buy – Considering the best way to achieve ISMS success
- The people involved in the ISMS
- The characteristics of a good technology solution for your ISMS
- Whether to build or buy the technology part of the ISMS
- The core competences of the organisation, costs and opportunity costs
- In conclusion