The Adoption of Information Security Management Standards A Literature Review

This chapter introduces major information security management methods and standards, and particularly ISO/IEC 27001 and 27002 standards. A literature review was conducted in order to understand the reasons for the low level of adoption of information security standards by companies, and to identify the drivers and the success factors in implementation of these standards. Based on the findings of the literature review, we provide recommendations on how to successfully implement and stimulate diffusion of information security standards in the dynamic business market environment, where companies vary in their size and organizational culture. The chapter concludes with an identification of future trends and areas for further research. INtrODUctION In service-oriented, highly industrialized countries, information itself is both a raw material and a product (Castells, 1996). The critical economic role of information and information processing on a firm’s productivity may be more important than that from operational efficiency or product innovation (Steinmueller, 2005). The relevance of information assets to businesses and governments alike can be measured by, for example, the percentage of contributions to gross domestic product (GDP) stemming from information-related processes and services (OECD, 2005). Another argument for the importance of information assets is to see them as “the ‘life-blood’ of all businesses” (Humphreys, 2005, p.15) losing which may bring the business to a dead halt. LouDOI: 10.4018/978-1-60566-326-5.ch006