
The ISO/IEC 27001 Information Security Management Standard: How to Extract Value from Data in the IT Sector

Author

Listed:
  • Fotis Kitsios

    (Department of Applied Informatics, University of Macedonia, 54636 Thessaloniki, Greece)

  • Elpiniki Chatzidimitriou

    (Department of Applied Informatics, University of Macedonia, 54636 Thessaloniki, Greece)

  • Maria Kamariotou

    (Department of Applied Informatics, University of Macedonia, 54636 Thessaloniki, Greece)

Abstract

In order to handle their regulatory and legal responsibilities and to retain trustworthy strategic partnerships, enterprises need to be dedicated to guaranteeing the privacy, accessibility, and authenticity of the data at their disposal. Companies can become more resilient in the face of information security threats and cyberattacks by effectively integrating security strategies. The goal of this article is to describe a plan that a corporation has implemented in the information technology industry in order to ensure compliance with International Organization for Standardization (ISO) 27001. This research demonstrates an examination of the reasons that force enterprises to make an investment in ISO 27001 in addition to the incentives that might be acquired from having undergone this process. In addition, the research examines the reasons that push firms to make an investment in ISO 27001. More particularly, the research investigates an international IT consulting services institution that is responsible for the implementation of large-scale business assistance insertion and projects. It demonstrates the risk management framework and the administrative structure of the appropriate situations so that its procedures are adequate and also in line with the guidelines founded by ISO 27001. In conclusion, it discusses the problems and difficulties that were experienced.

Suggested Citation

  • Fotis Kitsios & Elpiniki Chatzidimitriou & Maria Kamariotou, 2023. "The ISO/IEC 27001 Information Security Management Standard: How to Extract Value from Data in the IT Sector," Sustainability, MDPI, vol. 15(7), pages 1-17, March.
  • Handle: RePEc:gam:jsusta:v:15:y:2023:i:7:p:5828-:d:1108964

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/15/7/5828/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2071-1050/15/7/5828/
    Download Restriction: no

    References listed on IDEAS

    1. G.K. Koulinas & O.E. Demesouka & P.K. Marhavilas & A.P. Vavatsikos & D.E. Koulouriotis, 2019. "Risk Assessment Using Fuzzy TOPSIS and PRAT for Sustainable Engineering Projects," Sustainability, MDPI, vol. 11(3), pages 1-15, January.
    2. Marhavilas, P.K. & Koulouriotis, D.E., 2012. "A combined usage of stochastic and quantitative risk assessment methods in the worksites: Application on an electric power provider," Reliability Engineering and System Safety, Elsevier, vol. 97(1), pages 36-46.
    3. Zio, E., 2018. "The future of risk assessment," Reliability Engineering and System Safety, Elsevier, vol. 177(C), pages 176-190.
    4. Jason K. Deane & David M. Goldberg & Terry R. Rakes & Loren P. Rees, 2019. "The effect of information security certification announcements on the market value of the firm," Information Technology and Management, Springer, vol. 20(3), pages 107-121, September.
    5. Farshad BahooToroody & Saeed Khalaj & Leonardo Leoni & Filippo De Carlo & Gianpaolo Di Bona & Antonio Forcina, 2021. "Reliability Estimation of Reinforced Slopes to Prioritize Maintenance Actions," IJERPH, MDPI, vol. 18(2), pages 1-12, January.
    6. Haqaf, Husam & Koyuncu, Murat, 2018. "Understanding key skills for information security managers," International Journal of Information Management, Elsevier, vol. 43(C), pages 165-172.
    7. Marhavilas, P.K. & Koulouriotis, D.E. & Spartalis, S.H., 2013. "Harmonic analysis of occupational-accident time-series as a part of the quantified risk evaluation in worksites: Application on electric power industry and construction sector," Reliability Engineering and System Safety, Elsevier, vol. 112(C), pages 8-25.
    8. Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    9. Gianpaolo Di Bona & Antonio Forcina & Domenico Falcone & Luca Silvestri, 2020. "Critical Risks Method (CRM): A New Safety Allocation Approach for a Critical Infrastructure," Sustainability, MDPI, vol. 12(12), pages 1-19, June.
    10. Fotis Kitsios & Maria Kamariotou, 2017. "Decision Support Systems and Strategic Information Systems Planning for Strategy Implementation," Springer Proceedings in Business and Economics, in: Androniki Kavoura & Damianos P. Sakas & Petros Tomaras (ed.), Strategic Innovative Marketing, pages 327-332, Springer.
    11. Mauricio Diéguez & Jaime Bustos & Carlos Cares, 2020. "Mapping the variations for implementing information security controls to their operational research solutions," Information Systems and e-Business Management, Springer, vol. 18(2), pages 157-186, June.
    12. Panagiotis K. Marhavilas & Michael G. Tegas & Georgios K. Koulinas & Dimitrios E. Koulouriotis, 2020. "A Joint Stochastic/Deterministic Process with Multi-Objective Decision Making Risk-Assessment Framework for Sustainable Constructions Engineering Projects—A Case Study," Sustainability, MDPI, vol. 12(10), pages 1-21, May.

    Citations



    Cited by:

    1. Kanika Duggal & Seunghwan Myeong, 2024. "The Influence of Information Security Management System Implementation on the Financial Performance of Indian Companies: Examining the Moderating Effect of National Culture," Sustainability, MDPI, vol. 16(20), pages 1-21, October.
    2. Kemendi Agnes & Michelberger Pal, 2024. "Process security methods and measurement in the context of standard management systems," Engineering Management in Production and Services, Sciendo, vol. 16(2), pages 148-165.
    3. Farid Yessoufou & Salma Sassi & Elie Chicha & Richard Chbeir & Jules Degila, 2024. "User Mobility Modeling in Crowdsourcing Application to Prevent Inference Attacks," Future Internet, MDPI, vol. 16(9), pages 1-29, August.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Panagiotis K. Marhavilas & Michail Filippidis & Georgios K. Koulinas & Dimitrios E. Koulouriotis, 2020. "A HAZOP with MCDM Based Risk-Assessment Approach: Focusing on the Deviations with Economic/Health/Environmental Impacts in a Process Industry," Sustainability, MDPI, vol. 12(3), pages 1-29, January.
    2. Panagiotis K. Marhavilas & Michael G. Tegas & Georgios K. Koulinas & Dimitrios E. Koulouriotis, 2020. "A Joint Stochastic/Deterministic Process with Multi-Objective Decision Making Risk-Assessment Framework for Sustainable Constructions Engineering Projects—A Case Study," Sustainability, MDPI, vol. 12(10), pages 1-21, May.
    3. Hui-Ping Tserng & I-Cheng Cho & Chun-Hung Chen & Yu-Fan Liu, 2021. "Developing a Risk Management Process for Infrastructure Projects Using IDEF0," Sustainability, MDPI, vol. 13(12), pages 1-22, June.
    4. Pavel V. Shevchenko & Jiwook Jang & Matteo Malavasi & Gareth W. Peters & Georgy Sofronov & Stefan Truck, 2022. "The Nature of Losses from Cyber-Related Events: Risk Categories and Business Sectors," Papers 2202.10189, arXiv.org, revised Mar 2022.
    5. Suleyman Enes Hacibektasoglu & Bulent Mertoglu & Hakan Tozan, 2021. "Application of a Novel Hybrid f-SC Risk Analysis Method in the Paint Industry," Sustainability, MDPI, vol. 13(24), pages 1-23, December.
    6. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    7. Khastgir, Siddartha & Brewerton, Simon & Thomas, John & Jennings, Paul, 2021. "Systems Approach to Creating Test Scenarios for Automated Driving Systems," Reliability Engineering and System Safety, Elsevier, vol. 215(C).
    8. Suyuan Luo & Tsan‐Ming Choi, 2022. "E‐commerce supply chains with considerations of cyber‐security: Should governments play a role?," Production and Operations Management, Production and Operations Management Society, vol. 31(5), pages 2107-2126, May.
    9. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    10. Shihab Uddin & Qing Lu & Hung Nguyen, 2021. "Truck Impact on Buried Water Pipes in Interdependent Water and Road Infrastructures," Sustainability, MDPI, vol. 13(20), pages 1-16, October.
    11. Maria Iglesias-Mendoza & Akilu Yunusa-Kaltungo & Sara Hadleigh-Dunn & Ashraf Labib, 2021. "Learning How to Learn from Disasters through a Comparative Dichotomy Analysis: Grenfell Tower and Hurricane Katrina Case Studies," Sustainability, MDPI, vol. 13(4), pages 1-18, February.
    12. Uddin, Md Hamid & Mollah, Sabur & Islam, Nazrul & Ali, Md Hakim, 2023. "Does digital transformation matter for operational risk exposure?," Technological Forecasting and Social Change, Elsevier, vol. 197(C).
    13. Leonardo Leoni & Farshad BahooToroody & Saeed Khalaj & Filippo De Carlo & Ahmad BahooToroody & Mohammad Mahdi Abaei, 2021. "Bayesian Estimation for Reliability Engineering: Addressing the Influence of Prior Choice," IJERPH, MDPI, vol. 18(7), pages 1-16, March.
    14. Jonek-Kowalska, Izabela & Nawrocki, Tomasz L., 2019. "Holistic fuzzy evaluation of operational risk in polish mining enterprises in a long-term and sectoral research perspective," Resources Policy, Elsevier, vol. 63(C), pages 1-1.
    15. David M. Goldberg & Jason K. Deane & Terry R. Rakes & Loren Paul Rees, 2022. "3D Printing Technology and the Market Value of the Firm," Information Systems Frontiers, Springer, vol. 24(4), pages 1379-1392, August.
    16. Gabriela Zeller & Matthias Scherer, 2023. "Risk mitigation services in cyber insurance: optimal contract design and price structure," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 502-547, April.
    17. Sima Rastayesh & Lijia Long & John Dalsgaard Sørensen & Sebastian Thöns, 2019. "Risk Assessment and Value of Action Analysis for Icing Conditions of Wind Turbines Close to Highways," Energies, MDPI, vol. 12(14), pages 1-15, July.
    18. Andrea Porcu & Stefano Sollai & Davide Marotto & Mauro Mureddu & Francesca Ferrara & Alberto Pettinau, 2019. "Techno-Economic Analysis of a Small-Scale Biomass-to-Energy BFB Gasification-Based System," Energies, MDPI, vol. 12(3), pages 1-17, February.
    19. Denuit, Michel & Ortega-Jimenez, Patricia & Robert, Christian Y., 2024. "No-sabotage under conditional mean risk sharing of dependent-by-mixture insurance losses," LIDAM Discussion Papers ISBA 2024019, Université catholique de Louvain, Institute of Statistics, Biostatistics and Actuarial Sciences (ISBA).
    20. Bennet Skarczinski & Mathias Raschke & Frank Teuteberg, 2023. "Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 463-501, April.
