Obtaining buy in for ISO 27001
1. You have an organization where you want to implement ISO 27001 and controls.
Example: I have nine information assets, each with a threat, a vulnerability and a risk.
For each information asset there is a risk. For this risk, you put controls in place; it could be one control or more.
The stakeholders will oppose the controls, including staff members. As CISO, I have to write a Statement of Applicability for the management, indicating that we have so many threats, that staff do not know how to assess the risk, that they do not know how to interpret the results of a scan report, and user awareness.
I need around 15 key points to present to the management on why we chose to implement ISO 27001. What are the benefits of this?
How can we convince them that these are the benefits, and that if we do not implement it, we will have these issues? Key points.
How do we put forward arguments against the resistance we have? Key points.
Please provide the key points for me.
Answer: In a general way, the benefits of ISO 27001 are related to:
- Enhanced competitive edge
- Reduction in losses due to security incidents
- Reduction in fines due to legal or contractual non-conformity
- Improvement of internal organization
For a more robust presentation, I suggest you pick some examples from your organization's own context so the top management can clearly understand the benefits (e.g., name competitors that do not have the certification and show that you can stand ahead of them, mention incidents that already occurred and how they can be prevented, which specific laws and regulations can be better supported, etc.).
To build your presentation, I suggest you take a look at our free download Why ISO 27001 – Awareness presentation at this link: https://info.advisera.com/27001academy/free-download/why-iso-27001-awareness-presentation
You can use this template as a basis for your presentation, adjusting it according to your needs.
These articles will provide you further explanation about ISO 27001 benefits:
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
- How to gain employee buy-in when implementing cybersecurity according to ISO 27001 https://advisera.com/27001academy/blog/2017/07/03/how-to-gain-employee-buy-in-when-implementing-cybersecurity-according-to-iso-27001/
These materials will also help you regarding ISO 27001 benefits:
- ISO 27001 benefits: How to obtain management support [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-benefits-how-to-get-management-buy-in-free-webinar-on-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Mar 23, 2018