Getting the Full Benefits of the ISO 27001 to Develop an ISMS based on Organisations’ InfoSec Culture

The ISO/IEC 27001 is an important and the most leading international information security management standard in the information security (InfoSec) world. The benefits of implementing the ISO 27001 are to provide market assurance and IT governance, based on customer demands and legal requirements. Although the ISO 27001 is a generic standard for all types of organisations and countries, there are still some countries that do not adopt the ISO 27001 largely. The main reason for this low adoption rate is the cultural barriers of implementing ISO 27001. The considerable influences of culture on the InfoSec have long been a topic of public and scientific interests. However, the relationship between InfoSec cultural behaviour and the ISO 27001 efficiency was unfounded. Understanding influential national cultural characteristics is considerably important for establishing a strong InfoSec culture, which is compatible with the ISO 27001 requirements. Based on the literature review, personal interviews and limited results of the preliminary survey, this study found three distinguished cultural behaviours the most applicable cultural characteristics to the ISO 27001 efficiency. This study reduces the cultural barriers of implementing ISO 27001 by enhancing required resources and insiders’ cooperation in overarching employees’ bypassing of defined rules and regulations.