In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016)
Title: Getting the Full Benefits of the ISO 27001 to Develop an ISMS based on Organisations’ InfoSec Culture
Author(s): Bahareh Shojaie, Hannes Federrath, Iman Saberi
Reference: pp88-100
Keywords: ISO 27001 Adoption, Withdrawn Certificate, Hofstede, InfoSec Cultural Behaviour
Abstract: The ISO/IEC 27001 is an important, and the leading, international information security management standard in the information security (InfoSec) world. The benefits of implementing the ISO 27001 are to provide market assurance and IT governance, based on customer demands and legal requirements. Although the ISO 27001 is a generic standard for all types of organisations and countries, there are still some countries that do not largely adopt the ISO 27001. The main reason for this low adoption rate is the cultural barriers to implementing ISO 27001. The considerable influence of culture on InfoSec has long been a topic of public and scientific interest. However, the relationship between InfoSec cultural behaviour and the ISO 27001 efficiency was unfounded. Understanding influential national cultural characteristics is considerably important for establishing a strong InfoSec culture, which is compatible with the ISO 27001 requirements. Based on the literature review, personal interviews and limited results of the preliminary survey, this study found three distinguished cultural behaviours to be the most applicable cultural characteristics to the ISO 27001 efficiency. This study reduces the cultural barriers of implementing ISO 27001 by enhancing required resources and insiders’ cooperation in overarching employees’ bypassing of defined rules and regulations.
Download count: 2155
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.