Title: Protective shields: the drivers of adopting information security standards and complementarity with different security standards
Authors: Chia-Ming Sun; Kui-Ying Lin; Yu-Hsin Lai
Addresses: Department of Accounting, National Yunlin University of Science and Technology, No. 123, University Rd., Section 3, Douliu, Yunlin, 640, Taiwan; Department of Accounting, National Yunlin University of Science and Technology, No. 123, University Rd., Section 3, Douliu, Yunlin, 640, Taiwan; Department of Accounting, National Yunlin University of Science and Technology, No. 123, University Rd., Section 3, Douliu, Yunlin, 640, Taiwan
Abstract: Information security is a serious issue threatening businesses. Thus, effective strategies are needed to protect critical organisational information. Research indicates that organisations should implement IT governance and security using best practices from different frameworks rather than relying on individual existing frameworks. This study explores key factors influencing adoption and implementation of information security management systems from the perspective of the ISO 27001 certification process. We provide insight into how organisations seek support and guidance from different standards and frameworks. Using the grounded theory methodology, we interviewed fourteen participants with information security competence who work in manufacturing, financial or consulting services industries. We identified response themes relating to ISO 27001 adoption factors and implementation drivers. We also examined differences between ISO 27001 and CIS Controls. Our results suggest that effective integration of ISO 27001 certification and CIS Controls allows organisations to achieve best practices in IT governance and security.
Keywords: information security management systems; cyber security risk; information security standards; information security governance; ISO standards; ISO 27001 certifications; CIS controls.
International Journal of Services and Standards, 2023 Vol.13 No.3/4, pp.195 - 220
Received: 11 Jul 2021
Accepted: 19 Jan 2022
Published online: 09 Aug 2023