IIUM Repository

A comparative review of ISMS implementation based on ISO 27000 series in organizations of different business sectors

Hamdi, Zaidatulnajla and Norman, Azah Anir and Abdul Molok, Nurul Nuha and Hassandoust, Farkhondeh (2019) A comparative review of ISMS implementation based on ISO 27000 series in organizations of different business sectors. In: 1st International Conference Computer Science and Engineering (IC2SE 2019), 26 Apr.-27-Apr.2019, Padang, Indonesia.

[img] PDF - Published Version
Restricted to Registered users only

Download (534kB) | Request a copy

Abstract

Organizations have different takes on Information Security Management Systems (ISMS) since security measurements vary according to their business relevance. One way to assure ISMS is being well-implemented is by having a standard compliance such as the ISO 27000 series. The ISO 27000 series is a family of standards that provides a framework for best practice ISMS that helps organizations keep their information assets secure. This paper intends to seek how organizations in different business sectors implement ISMS in their practices. By identifying which organization attains a higher number of ISO requirements, it is anticipated that the characteristics that increase the chances of an organization being certified can be distinguished. This paper reviews case studies regarding the ISMS implementation based on ISO 27000 series between organizations in different business sectors. The result of this paper presents the state of ISO compliance of the organizations. The findings also discussed the characteristics of organizations that are applicable for certification. Through the findings, it is found that the organization, which fulfilled the highest number of ISO requirement, has a stronger possibility of being certified. However, ISO standards should be more dynamic to support diverse business environment thus avoiding generalization to get compliance.

Item Type: Conference or Workshop Item (Plenary Papers)
Additional Information: 5341/86510
Uncontrolled Keywords: Information Security, ISMS, ISO 27000
Subjects: T Technology > T Technology (General) > T55.4 Industrial engineering.Management engineering. > T58.6 Management information systems
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button): Kulliyyah of Information and Communication Technology
Kulliyyah of Information and Communication Technology

Kulliyyah of Information and Communication Technology > Department of Information System
Kulliyyah of Information and Communication Technology > Department of Information System
Depositing User: Dr. Nurul Nuha Abdul Molok
Date Deposited: 17 Dec 2020 11:38
Last Modified: 17 Dec 2020 11:38
URI: http://irep.iium.edu.my/id/eprint/86510

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year