ISO 27001 Benefits: How To Obtain Management Support?
Presenter: Dejan Kosutic
©2015 27001Academy www.advisera.com/27001academy
GoToWebinar Control Panel
• Open and close your Panel
• View, Select, and Test your audio
• Submit text questions – they will be addressed throughout the session
• Raise your hand
How to increase the chances of a successful ISO 27001 implementation by bringing in the management.
You are in charge of ISO 27001 implementation…
…Without management support your project will probably fail!
Present your ISO 27001 project like a business case, and you’ll make your management much more interested!
Agenda
• Management mindset
• What is really ISO 27001
• Four main benefits of ISO 27001
• Return on investment
• Elevator speech
• Using right words
• Why is it difficult to obtain management support?
Management mindset
• Return on investment (ROI)
• Market
• Compliance
• Strategic direction
• Short time to present the case
• Management is under great pressure!
• Persuading the management takes time
What is really ISO 27001
• A management standard, not a technical one: an Information Security Management System
• The purpose is to manage and control (example: BYOD policy)
• Only 50% of the controls from Annex A are IT related
Four main benefits
• Compliance
• Marketing edge
• Lowering the expenses
• Optimizing business processes
Return on investment (ROI)
• Asset: server
• Threat: fire
• Single Loss Expectancy (SLE) = $5000
• Annualized Rate of Occurrence (ARO) = 10%
• Annualized Loss Expectancy (ALE) = $500
• Conclusion: any investment in security < $500 annually is profitable
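The slide above works a single scenario by hand. The Python script below is an added illustration, not part of the webinar or of Advisera's material: it puts the same arithmetic (ALE = SLE x ARO) into functions and extends it to the general case of a control that only partly reduces the rate of occurrence, which the "< $500" rule of thumb does not cover (that rule holds when the control prevents the threat entirely). The server/fire figures are the slide's; the other two scenarios, the control costs and the reduction fractions are constructed sample values.

```python
"""Quantitative risk arithmetic from the ROI slide (ALE = SLE x ARO), extended
to a return-on-security-investment check for a specific control.

Added example; the server/fire numbers come from the slide, everything else
is constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, Iterable


@dataclass(frozen=True)
class RiskScenario:
    """One asset/threat pair with the two inputs used on the slide."""
    asset: str
    threat: str
    sle: float  # Single Loss Expectancy: cost of one occurrence, in dollars
    aro: float  # Annualized Rate of Occurrence: expected occurrences per year

    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO (the slide's $5000 x 10% = $500)."""
        return self.sle * self.aro


# The slide's worked example.
SERVER_FIRE = RiskScenario("server", "fire", sle=5000.0, aro=0.10)

# Constructed scenarios (not from the slide) to show a portfolio total.
CONSTRUCTED_SCENARIOS = [
    RiskScenario("laptop", "theft", sle=2000.0, aro=0.5),
    RiskScenario("web shop", "defacement", sle=20000.0, aro=0.05),
]
ALL_SCENARIOS = [SERVER_FIRE] + CONSTRUCTED_SCENARIOS


def portfolio_ale(scenarios: Iterable[RiskScenario]) -> float:
    """Total expected yearly loss: the ceiling for a programme-wide security spend."""
    return sum(s.ale() for s in scenarios)


def evaluate_control(scenario: RiskScenario, annual_cost: float,
                     aro_reduction: float) -> Dict[str, float]:
    """Compare a control's yearly cost with the loss it avoids.

    aro_reduction is the fraction of the ARO the control removes: 1.0 means the
    threat is fully prevented (the case the slide's rule of thumb assumes),
    0.8 means four out of five expected occurrences are prevented.
    ROSI uses the common (avoided loss - cost) / cost form.
    """
    if not 0.0 <= aro_reduction <= 1.0:
        raise ValueError("aro_reduction must be between 0 and 1")
    if annual_cost <= 0:
        raise ValueError("annual_cost must be positive")
    ale_before = scenario.ale()
    ale_after = scenario.sle * scenario.aro * (1.0 - aro_reduction)
    avoided = ale_before - ale_after
    return {
        "ale_before": ale_before,
        "ale_after": ale_after,
        "avoided_loss": avoided,
        "net_benefit": avoided - annual_cost,
        "rosi": (avoided - annual_cost) / annual_cost,
    }


def is_profitable(scenario: RiskScenario, annual_cost: float,
                  aro_reduction: float) -> bool:
    """True when the control avoids more loss per year than it costs."""
    return evaluate_control(scenario, annual_cost, aro_reduction)["net_benefit"] > 0


if __name__ == "__main__":
    print(f"ALE server/fire: ${SERVER_FIRE.ale():.2f}")
    # Fully preventive control at $300/year: the slide's rule of thumb applies.
    print(evaluate_control(SERVER_FIRE, annual_cost=300.0, aro_reduction=1.0))
    # A $450/year control that only halves the ARO is below $500 yet loses money.
    print(evaluate_control(SERVER_FIRE, annual_cost=450.0, aro_reduction=0.5))
    print(f"Portfolio ALE: ${portfolio_ale(ALL_SCENARIOS):.2f}")
```

The third call is the caveat worth carrying into the business case: a control that costs less than the ALE is only profitable if it removes enough of the expected loss, so the reduction it achieves has to be stated alongside its price.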
Elevator speech
• Not more than 45 seconds
• Use a vivid example!
A short speech you should use to influence your executives to support ISO 27001.
Using the right words
INSTEAD OF:        USE:
Backup/firewall    Prevention
Cost               Investment
Probability        Risk
Incident           Damage
Disaster           Loss/downtime
Why is it difficult to obtain management support?
• They cannot fund it and want you to handle it without additional funding
• They do not see a business case for additional funding, since it doesn't generate revenue
• IT security specialists are not always good at "politics"
• Management is always busy with other projects
• They don't see any value in having the certification and see it as a tick-box exercise
Conclusions
ISO 27001 will pay off if it prevents only one medium incident, not to mention large ones.
Use this key message and convince your management!
Q & A
Dejan Kosutic