Iso/iec 27001 Information Systems Security Management Standard : Exploring the Reasons for Low Adoption
نویسندگان
چکیده
In this paper we attempt to find the reasons for low adoption of the international standard ISO/IEC 2700 on information security management. We benchmark ISO/IEC 27001 against the two other widely applied management system standards – ISO 9001 for quality management and ISO 14001 for environmental management We show that besides low adoption rates, ISO/IEC 27001 standard has received significantly less interest from academia, as measured by the number of scholarly publications on the topic. We compare the reasons for the ISO/IEC 27001 standard’s application with those for ISO 9001 and conclude with listing possible drivers and barriers for the standards diffusion and suggesting a roadmap for future research on the topic.
منابع مشابه
Getting the Full Benefits of the ISO 27001 to Develop an ISMS based on Organisations’ InfoSec Culture
The ISO/IEC 27001 is an important and the most leading international information security management standard in the information security (InfoSec) world. The benefits of implementing the ISO 27001 are to provide market assurance and IT governance, based on customer demands and legal requirements. Although the ISO 27001 is a generic standard for all types of organisations and countries, there a...
متن کاملInformation Security Management Systems in the Healthcare Context
The ISO/IEC 27799 standard for information security management in health was released in 2008. The standard contains a substantial section (Section 6) covering information security management systems in the healthcare context. This raises the question whether the ISO/IEC 27799 purports a difference between the generic standard for information security management systems (as embodied in the ISO/...
متن کاملISO/IEC 27000, 27001 and 27002 for Information Security Management
With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognize...
متن کاملISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System
Established standards on security and risk management provide guidelines and advice to organizations and other stakeholders on how to fulfill their security needs. However, realizing and ensuring compliance with such standards may be challenging. This is partly because the descriptions are very generic and have to be refined and interpreted by security experts, and partly because they lack tech...
متن کاملGoverning Information Security in Conjunction with COBIT and ISO 27001
In this paper, after giving a brief definition of Information Security Management Systems (ISMS), ISO 27001, IT governance and COBIT, pros and cons of implementing only COBIT, implementing only IS
متن کامل