Improving the quality of information security management systems with ISO27000

Author:

Gillies Alan

Abstract

Purpose: The ISO27001 standard provides a model for “establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS)”. This paper seeks to consider the global adoption of the ISO27000 series of standards, and to compare them with the adoption rates for ISO9000 and ISO14000. The paper aims to compare the barriers to adoption for the different standards.

Design/methodology/approach: Previous studies suggest that ISO27001 adoption is slower than for the other standards. The uptake of ISO27001 has been slower than the related management system standards ISO9001 and ISO14001, with approximately half the certifications compared with ISO14001. In response to the issues raised in this analysis, the paper considers how an approach based on a maturity model can be used to help overcome these barriers, especially in smaller companies.

Findings: The 2008 survey of ISO27001‐certificated companies found that 50 per cent of the certificated organisations which responded had fewer than 200 employees, and were therefore in the SME category. Perhaps more surprisingly, around half of these had fewer than 50 employees. The framework has used the ISO27002 code of practice to define the elements which should be considered within the ISMS. Each element is then developed through a maturity model lifecycle to develop processes to the point where an ISO27001‐compliant ISMS can be implemented.

Originality/value: The principal contribution of the paper is a step‐by‐step framework designed to simplify the process for organisations working towards ISO27001 and offer significant benefits at milestones before systems are mature enough to achieve certification.

Publisher

Emerald

Subject

Strategy and Management, General Business, Management and Accounting, Business and International Management, General Decision Sciences


Cited by 30 articles.