Getting the Full Benefits of the ISO 27001 to Develop an ISMS based on Organisations’ InfoSec Culture

نویسندگان

  • Bahareh Shojaie
  • Hannes Federrath
  • Iman Saberi
چکیده

The ISO/IEC 27001 is an important and the most leading international information security management standard in the information security (InfoSec) world. The benefits of implementing the ISO 27001 are to provide market assurance and IT governance, based on customer demands and legal requirements. Although the ISO 27001 is a generic standard for all types of organisations and countries, there are still some countries that do not adopt the ISO 27001 largely. The main reason for this low adoption rate is the cultural barriers of implementing ISO 27001. The considerable influences of culture on the InfoSec have long been a topic of public and scientific interests. However, the relationship between InfoSec cultural behaviour and the ISO 27001 efficiency was unfounded. Understanding influential national cultural characteristics is considerably important for establishing a strong InfoSec culture, which is compatible with the ISO 27001 requirements. Based on the literature review, personal interviews and limited results of the preliminary survey, this study found three distinguished cultural behaviours the most applicable cultural characteristics to the ISO 27001 efficiency. This study reduces the cultural barriers of implementing ISO 27001 by enhancing required resources and insiders’ cooperation in overarching employees’ bypassing of defined rules and regulations.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Idea: A Reference Platform for Systematic Information Security Management Tool Support

The ISO 27001 standard specifies an information security management system (ISMS) as a means to implement security best practices for IT systems. Organisations that implement an ISMS typically experience various challenges such as enforcing a common vocabulary, limiting human errors and integrating existing management tools and security mechanisms. However, ISO 27001 does not provide guidance o...

متن کامل

Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings

While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutio...

متن کامل

ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System

Established standards on security and risk management provide guidelines and advice to organizations and other stakeholders on how to fulfill their security needs. However, realizing and ensuring compliance with such standards may be challenging. This is partly because the descriptions are very generic and have to be refined and interpreted by security experts, and partly because they lack tech...

متن کامل

ISO/IEC 27000, 27001 and 27002 for Information Security Management

With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognize...

متن کامل

A Gap Analysis Tool for SMEs Targeting ISO/IEC 27001 Compliance

Current trends indicate that information security is critical for today’s enterprises. As managers realise they cannot ignore the potential security risks, they tend to turn to the ISO/IEC 27001 standard, in order to implement an Information Security Management System (ISMS). While being adopted by large companies, ISMS are still considered as out of range by numerous smaller entities. To help ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2016