TRANSCRIPT
ISO 27001 Benefits: How to Obtain Management Support?
Presenter: Dejan Kosutic
©2015 27001Academy www.advisera.com/27001academy
How to increase the chances of a successful ISO 27001 implementation by bringing in the management.
You are in charge of ISO 27001 implementation…
…Without management support your project will probably fail!
Present your ISO 27001 project like a business case, and you’ll make your management much more interested!
Agenda
• Management mindset
• What ISO 27001 really is
• Four main benefits of ISO 27001
• Return on investment
• Elevator speech
• Using right words
• Why is it difficult to obtain management support?
Management mindset
• Return on investment (ROI)
• Market
• Compliance
• Strategic direction
• Short time to present the case
• Management is under great pressure!
• Persuading the management takes time
What ISO 27001 really is
• A management standard, not a technical one – an Information Security Management System
• Its purpose is to manage and control – example: a BYOD policy
• Only 50% of controls from Annex A are IT related
Four main benefits
• Compliance
• Marketing edge
• Lowering the expenses
• Optimizing business processes
Return on investment (ROI)
• Asset: server
• Threat: fire
• Single Loss Expectancy (SLE) = $5000 (the cost of one fire)
• Annualized Rate of Occurrence (ARO) = 10% (one fire expected every ten years)
• Annualized Loss Expectancy (ALE) = SLE × ARO = $5000 × 10% = $500
• Conclusion: any investment in security of less than $500 annually is profitable
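The slide's arithmetic generalizes into a small risk calculator. The following is an added example and not material from the 27001Academy webinar: it reproduces the server/fire figures (SLE $5000, ARO 10%) and extends them with constructed candidate controls whose names, annual costs and risk-reduction factors are assumptions made for illustration. It computes ALE, the residual ALE once a control is in place, and the resulting annual benefit and return on security investment (ROSI), then ranks the controls.

```python
"""Annualized Loss Expectancy (ALE) and return on security investment.

Added example, not part of the 27001Academy webinar. The server/fire
figures reproduce the slide (SLE $5000, ARO 10%); the candidate controls,
their costs and their risk-reduction factors are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    sle: float  # Single Loss Expectancy: cost of one occurrence, USD
    aro: float  # Annualized Rate of Occurrence: expected occurrences per year

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy: ALE = SLE x ARO."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float          # what the control costs per year, USD
    aro_reduction: float        # share of occurrences it prevents, 0..1
    sle_reduction: float = 0.0  # share of per-incident loss it avoids, 0..1

    def __post_init__(self):
        for factor in (self.aro_reduction, self.sle_reduction):
            if not 0.0 <= factor <= 1.0:
                raise ValueError("reduction factors must lie in [0, 1]")
        if self.annual_cost <= 0.0:
            raise ValueError("annual_cost must be positive")


def residual_ale(risk: Risk, control: Control) -> float:
    """Expected annual loss that remains once the control is in place."""
    sle_after = risk.sle * (1.0 - control.sle_reduction)
    aro_after = risk.aro * (1.0 - control.aro_reduction)
    return sle_after * aro_after


def annual_benefit(risk: Risk, control: Control) -> float:
    """Loss avoided per year minus the control's annual cost."""
    return risk.ale - residual_ale(risk, control) - control.annual_cost


def rosi(risk: Risk, control: Control) -> float:
    """Return on security investment as a fraction of the control's cost."""
    return annual_benefit(risk, control) / control.annual_cost


def is_profitable(risk: Risk, control: Control) -> bool:
    """True when the control pays for itself within the year."""
    return annual_benefit(risk, control) > 0.0


def rank_controls(risk: Risk, controls):
    """Controls ordered by annual benefit, best first."""
    return sorted(controls, key=lambda c: annual_benefit(risk, c), reverse=True)


# The slide's case: a server threatened by fire.
SERVER_FIRE = Risk(asset="server", threat="fire", sle=5000.0, aro=0.10)

# Constructed candidate controls (hypothetical names, costs and effects).
SUPPRESSION = Control("fire suppression", annual_cost=300.0, aro_reduction=0.9)
OFFSITE_BACKUP = Control("off-site backup", annual_cost=200.0,
                         aro_reduction=0.0, sle_reduction=0.6)
OVERSPEND = Control("premium suppression", annual_cost=600.0, aro_reduction=0.95)
CANDIDATES = (SUPPRESSION, OFFSITE_BACKUP, OVERSPEND)

if __name__ == "__main__":
    print(f"{SERVER_FIRE.asset}/{SERVER_FIRE.threat}: ALE = ${SERVER_FIRE.ale:,.0f}/yr")
    for c in rank_controls(SERVER_FIRE, CANDIDATES):
        verdict = "profitable" if is_profitable(SERVER_FIRE, c) else "not worth it"
        print(f"  {c.name:<20} cost ${c.annual_cost:>6,.0f}  "
              f"residual ALE ${residual_ale(SERVER_FIRE, c):>6,.0f}  "
              f"benefit ${annual_benefit(SERVER_FIRE, c):>7,.0f}  "
              f"ROSI {rosi(SERVER_FIRE, c):>6.0%}  {verdict}")
```

Running the script lists the controls by benefit. It also makes the slide's "$500" explicit as a ceiling rather than a guarantee: a control that costs more than the ALE (the constructed "premium suppression") can never pay off no matter how effective it is, while a control that costs less than the ALE is only profitable to the extent that it actually reduces the ARO or the SLE, which is what the residual ALE term captures.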
Elevator speech
• A short speech you should use to influence your executives to support ISO 27001
• Not more than 45 seconds
• Use a vivid example!
Using the right words
INSTEAD OF:        USE:
Backup/firewall    Prevention
Cost               Investment
Probability        Risk
Incident           Damage
Disaster           Loss/downtime
Why is it difficult to obtain management support?
• They cannot fund it and want you to handle it without additional funding
• They do not see a business case for additional funding, since it doesn't generate revenue
• IT security specialists are not always good at "politics"
• Management is always busy with other projects
• They don't see any value in having the certification and see it as a tick-box exercise
Conclusions
ISO 27001 will pay off if it prevents only one medium incident, not to mention large ones.
Use this key message and convince your management!
Q & A
Dejan Kosutic