The ISO/IEC 27001 is an important and the most leading international information security management standard in the information security (InfoSec) world. The benefits of implementing the ISO 27001 are to provide market assurance and IT governance, based on customer demands and legal requirements. Although the ISO 27001 is a generic standard for all types of organisations and countries, there a...

In this paper; a comparison has been made among the Articles contained in the ISO/IEC 27001 Standard and the Articles of the Civil Servants Law No 657, which should essentially be complied with by the personnel employed within the bodies of public institutions in Turkey; and efforts have been made in order to emphasize the consistent Articles; and in addition, the matters, which should be paid ...

In this paper we attempt to find the reasons for low adoption of the international standard ISO/IEC 2700 on information security management. We benchmark ISO/IEC 27001 against the two other widely applied management system standards – ISO 9001 for quality management and ISO 14001 for environmental management We show that besides low adoption rates, ISO/IEC 27001 standard has received significan...

The International Organization for Standardization (ISO) is an international organization that sets standards which provide measurable quality to products and services which, if implemented correctly, should increase reliability and operational efficiency. ISO established several IT standards, one of which is ISO/IEC27001:2005 Information Security Management System (ISO27001), providing securit...

Die ISO27001:2005 als Informationssicherheitsmanagementsystem (ISMS) etabliert sich zunehmend als der Sicherheitsstandard in Unternehmen. Die Grundidee des ISMS basiert auf einem Management der Informationssicherheit welches ausgerichtet ist auf dem Management der Unternehmensrisiken und einen direkten Bezug zum Firmenumsatz herstellt. Bis September 2009 wurden weltweit mehr als 5822 1 zertifiz...

IT security incidents pose a major threat to the efficient execution of corporate strategies. Although, information security standards provide a holistic approach to mitigate these threats and legal acts demand their implementation, companies often refrain from the implementation of information security standards, especially due to high costs and the lack of evidence for a positive cost/benefit...

This study aims to develop a model for the user acceptance for implementing the information security standard (i.e. ISO 27001) in Turkish public organizations. The results of the surveys performed in Turkey reveal that the legislation on information security public which organizations have to obey is significantly related with the user acceptance during ISO 27001 implementation process. The fun...

Current trends indicate that information security is critical for today’s enterprises. As managers realise they cannot ignore the potential security risks, they tend to turn to the ISO/IEC 27001 standard, in order to implement an Information Security Management System (ISMS). While being adopted by large companies, ISMS are still considered as out of range by numerous smaller entities. To help ...