ISO/IEC 27001 Information Systems Security Management Standard: Exploring the Reasons for Low Adoption

Date Added: Aug 2008
Format: PDF

This paper attempts to find the reasons for the low adoption of the international standard ISO/IEC 27001 on information security management. The author benchmarks ISO/IEC 27001 against the two other widely applied management system standards: ISO 9001 for quality management and ISO 14001 for environmental management. The paper shows that, besides low adoption rates, the ISO/IEC 27001 standard has received significantly less interest from academia, as measured by the number of scholarly publications on the topic. The paper compares the reasons for the ISO/IEC 27001 standard's application with those for ISO 9001 and concludes by listing possible drivers and barriers for the standard's diffusion and suggesting a roadmap for future research on the topic.