The answer is both yes, and no.
Why no:
Seriously, if you need certification to put your processes in order, you are in deep shit anyway. As an organization, you should be striving to continuously learn and improve. ISO 27001 is just a standard, a minimum you should be doing anyway.
Why yes:
I think it makes sense to go over that material. A lot of that stuff makes total sense. Why learn the mistakes yourself when you can get over a lot of that stuff in one easy-to-consume package? Security is a tough thing to get right; there is a lot of possibility to forget/be blind to some obvious things. While it is up to you to figure out what to do (see above) and you will be paying the price of missteps, it is always a good idea to get some external validation. Especially if you are a top-level manager and you don't exactly know if you are getting an accurate assessment of the situation from your underlings.