Top five benefits of an information security management system

1. The directors of the organization will be able to demonstrate that they are complying with the requirements of the Turnbull Guidance and/or complying with current international best practice in risk management with regard to information assets and security.

2. The organization will be able to demonstrate, in the context of the array of relevant legislation, that it has taken appropriate action to comply with the laws, particularly (in the United Kingdom) the Data Protection Act 1998.

3. The organization will be able systematically to protect itself from the dangers and potential costs of computer misuse, cybercrime and the impacts of cyberwar.

4. The organization will be able to improve its credibility with staff, customers and partner organizations, and this improved credibility can have direct financial benefits through, for instance, improved sales.

5. The organization will be able to make informed, practical decisions about what security technologies and solutions to deploy and thus to increase the value for money it gets from information security, to manage and control the costs of information security and to measure and improve its return on its information security investments.

Source: IT Governance, A Manager's Guide to Data Security & ISO 27001, Alan Calder 2008