Chapter 1: The Sales Process – Selling Information Security to the Board


‘Sales’ are a process. A process has inputs and outputs and proceeds according to certain pre- defined steps.

The input into the ‘Selling Information Security to the Board’ process is a collection of raw information about one or more specific issues and a proposed course of action in relation to those issues. The identified issue could be as broad as ‘inadequate information security across the whole organisation’ or as narrow as ‘our financial results might leak before they are officially released’. The desired output from the process is a decision, by top management, to commit time, money and resources to implementing the proposed solution.

The stages in the internal corporate sales process are:

  • Gather inputs – information about the issue
  • Identify a prospect
  • Understand the prospect’s needs and wants
  • Craft a proposal that will link features and benefits of your proposal to the prospect’s needs and wants
  • Present the proposal
  • Handle objections
  • Close the sale.

This pocket guide provides basic advice to the information security professional on each of these steps in the sales process.