Cybercrime and information loss is one of the most significant threats to nation states, business and society today.
Internationally the cost is many tens of billions of pounds, and consequences from poor security practices can be life affecting let alone business changing. Regulatory pressures for stronger privacy practices are growing too. The introduction of the new General Data Protection Regulations (GDPR) and a host of other national regulations has further increased the burden on organisations to protect personal and other data.
With overwhelming evidence being presented about the threats, many organisations still fail to take adequate steps to prevent harm against themselves, their customers or the supply chain. Certified standards such as ISO 27001:2013 and basic cyber hygiene e.g. from Cyber Essentials are becoming more popular but they are not yet mainstream.
Why is that?
An ISMS delivers a positive return on investment. The goal of our whitepaper is to show you why, what, and how you can get RoI from an ISMS that fits the business needs.
What are the key considerations when building the business case for an ISMS?
- Context
- A growing challenge
- Three reasons why nothing happens
- The return on investment from information security management
- A point on people
- In considering the technology
- What is an ISMS?
- What are the components of an ISMS?
- Why do organisations need an ISMS?
- Is your organisation leadership ready to support an ISMS?
- Developing the business case for an ISMS
- Benefits to realise – Achieving returns from the threats and opportunities
- Evaluating the threats
- Identifying the opportunities
- Stakeholder expectations for the ISMS given their relative power and interest
- Scoping the ISMS to satisfy stakeholder interests
- GDPR focused work
- Doing other work for broader security confidence and assurance with higher RoI
- Work to get done for ISO 27001:2013/17
- Build or buy – Considering the best way to achieve ISMS success
- The people involved in the ISMS
- The characteristics of a good technology solution for your ISMS
- Whether to build or buy the technology part of the ISMS
- The core competences of the organisation, costs and opportunity costs
- In conclusion