The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda-Reference-Cited by-同舟云学术

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

Published:2021-03-16 Issue:7 Volume:33 Page:76-105
ISSN:1754-2731
Container-title:The TQM Journal
language:en
Short-container-title:TQM

Author:

Culot Giovanna,Nassimbeni Guido,Podrecca Matteo^ORCID,Sartor Marco^ORCID

Abstract

PurposeAfter 15 years of research, this paper aims to present a review of the academic literature on the ISO/IEC 27001, the most renowned standard for information security and the third most widespread ISO certification. Emerging issues are reframed through the lenses of social systems thinking, deriving a theory-based research agenda to inspire interdisciplinary studies in the field.Design/methodology/approachThe study is structured as a systematic literature review.FindingsResearch themes and sub-themes are identified on five broad research foci: relation with other standards, motivations, issues in the implementation, possible outcomes and contextual factors.Originality/valueThe study presents a structured overview of the academic body of knowledge on ISO/IEC 27001, providing solid foundations for future research on the topic. A set of research opportunities is outlined, with the aim to inspire future interdisciplinary studies at the crossroad between information security and quality management. Managers interested in the implementation of the standard and policymakers can find an overview of academic knowledge useful to inform their decisions related to implementation and regulatory activities.

Publisher

Emerald

Subject

Strategy and Management,General Business, Management and Accounting,Business and International Management,General Decision Sciences

Reference189 articles.

1. Accerboni, F. and Sartor, M. (2019), “ISO/IEC 27001”, in Sartor, M. and Orzes, G. (Eds), Quality Management: Tools, Methods, and Standards, Emerald Publishing, Bingley, pp. 245-264.

2. Cyber-physical systems and their security issues;Computers in Industry,2018

3. A survey of security standards applicable to health information systems;International Journal of Information Security and Privacy,2013

4. GoSafe: on the practical characterization of the overall security posture of an organization information system using smart auditing and ranking;Journal of the King Saud University – Computer and Information Sciences,2020

5. Decision support for selecting information security controls;Journal of Decision Systems,2018

Cited by 30 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Search engine optimization poisoning: A cybersecurity threat analysis and mitigation strategies for small and medium-sized enterprises;Technology in Society;2024-02

2. Investigating the barriers to Quality 4.0 adoption in the Indian manufacturing sector: insights and implications for industry and policy-making;International Journal of Quality & Reliability Management;2024-01-23

3. Audit model using controls from ISO/IEC 27002 for the information security of electronic voting based on IoT and Blockchain;2023 IEEE 3rd International Conference on Advanced Learning Technologies on Education & Research (ICALTER);2023-12-13

4. An Integration Model to Enhance Information Systems Administration and Data Sharing: A Case of Namibian Lower Courts;Proceedings of the 4th African Human Computer Interaction Conference;2023-11-27

5. Strengthening Information Security Through Zero Trust Architecture: A Case Study in South Korea;Communications in Computer and Information Science;2023-10-31