LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Approaching management

  Quote
Guest
Guest user Created:   Jan 29, 2019 Last commented:   Jan 29, 2019

Approaching management

I am working in an organization where management loves to feel and say we are start up and for everything, and hence those things will not work. I do agree with your statement that the management commitment looks obvious but it really is not and without which in my organization everything is considered as escalation. There is no right approach, they pick the control matrix and start working on the security aspects and hence the friction and internal threats have increased so much that it is becoming difficult day by day to work on it. And when I ask my superboss about it, he says this is how we work. I need your advice on this so that I can work better. I don't want to give up nor fail in any case.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 29, 2019

Answer:

For situations like that you have to explain them that the proper approach would be base for their decision on which controls to use as results of risk assessment and legal requirements (e.g., contracts, laws and regulations). This way you can decrease friction, because you would be working only on risks that people consider relevant, or that they have to treat because they have external enforcement to do that (by means of clauses on service agreements, on customer contracts, or on laws/regulations).

This article will provide you further explanation about selecting security controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

For a better commitment you should convince your top management about the benefits of information security - here's the article that will help you: Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/

These materials will also help you regarding selecting controls:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 29, 2019

Jan 29, 2019

Suggested Topics

Guest user Created:   Feb 19, 2021 ISO 27001 & 22301
Replies: 1
0 0

IT Security Policy

Guest user Created:   Apr 30, 2020 ISO 27001 & 22301
Replies: 1
0 0

Integrated Management System