Date Added: Aug 2008
This paper attempts to find the reasons for low adoption of the international standard ISO/IEC 2700 on information security management. The author benchmarks ISO/IEC 27001 against the two other widely applied management system standards - ISO 9001 for quality management and ISO 14001 for environmental management. The paper shows that besides low adoption rates, ISO/IEC 27001 standard has received significantly less interest from academia, as measured by the number of scholarly publications on the topic. The paper compares the reasons for the ISO/IEC 27001 standard's application with those for ISO 9001 and conclude with listing possible drivers and barriers for the standards diffusion and suggesting a roadmap for future research on the topic.