ISO / IEC 27001 Implementation
نویسنده
چکیده
The International Organization for Standardization (ISO) is an international organization that sets standards which provide measurable quality to products and services which, if implemented correctly, should increase reliability and operational efficiency. ISO established several IT standards, one of which is ISO/IEC27001:2005 Information Security Management System (ISO27001), providing security requirements to establish and implement security management within the scope of business. ISO27001 is used by companies around the world. For example, in 2008 in the USA only 85 companies held current certification while in Japan 2994 companies held a certification. This research tries to identify the reasons for the difference in the number of companies among Germany, UK, Austria and Switzerland that use ISO27001. The paradox is that the UK and Germany, who were the initial proponents of the standard, have less certificate holders than Japan and Taiwan. What is the reason for this?
منابع مشابه
Analysis of the User Acceptance for Implementing ISO/IEC 27001:2005 in Turkish Public Organizations
This study aims to develop a model for the user acceptance for implementing the information security standard (i.e. ISO 27001) in Turkish public organizations. The results of the surveys performed in Turkey reveal that the legislation on information security public which organizations have to obey is significantly related with the user acceptance during ISO 27001 implementation process. The fun...
متن کاملObstructions of Turkish Public Organizations Getting ISO/IEC 27001 Certified
In this paper; a comparison has been made among the Articles contained in the ISO/IEC 27001 Standard and the Articles of the Civil Servants Law No 657, which should essentially be complied with by the personnel employed within the bodies of public institutions in Turkey; and efforts have been made in order to emphasize the consistent Articles; and in addition, the matters, which should be paid ...
متن کاملA Gap Analysis Tool for SMEs Targeting ISO/IEC 27001 Compliance
Current trends indicate that information security is critical for today’s enterprises. As managers realise they cannot ignore the potential security risks, they tend to turn to the ISO/IEC 27001 standard, in order to implement an Information Security Management System (ISMS). While being adopted by large companies, ISMS are still considered as out of range by numerous smaller entities. To help ...
متن کاملGetting the Full Benefits of the ISO 27001 to Develop an ISMS based on Organisations’ InfoSec Culture
The ISO/IEC 27001 is an important and the most leading international information security management standard in the information security (InfoSec) world. The benefits of implementing the ISO 27001 are to provide market assurance and IT governance, based on customer demands and legal requirements. Although the ISO 27001 is a generic standard for all types of organisations and countries, there a...
متن کاملInteractive Selection of ISO 27001 Controls under Multiple Objectives
IT security incidents pose a major threat to the efficient execution of corporate strategies. Although, information security standards provide a holistic approach to mitigate these threats and legal acts demand their implementation, companies often refrain from the implementation of information security standards, especially due to high costs and the lack of evidence for a positive cost/benefit...
متن کاملIso/iec 27001 Information Systems Security Management Standard : Exploring the Reasons for Low Adoption
In this paper we attempt to find the reasons for low adoption of the international standard ISO/IEC 2700 on information security management. We benchmark ISO/IEC 27001 against the two other widely applied management system standards – ISO 9001 for quality management and ISO 14001 for environmental management We show that besides low adoption rates, ISO/IEC 27001 standard has received significan...
متن کامل