Business Impacts of International Standards for Information Security Management. Lessons from Case Companies

RM van Wessel, Henk de Vries

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

This paper describes the business impact of two international standards for information security management: ISO/IEC 27001 and ISO/IEC 27002. Six company cases show that companies had different reasons for wanting to implement these standards, but that they achieved most of their objectives. Benefits include improved service quality, higher customer satisfaction, and in some cases, new business opportunities. A number of common success factors ensure the objectives can be achieved, and financial and non-financial benefits can indeed be obtained. The lessons learnt from these cases can help other companies to also reap such benefits.
Original language: English
Pages (from-to): 25-40
Number of pages: 16
Journal: Journal of ICT Standardization
Volume: 1
Issue number: 1
Publication status: Published - 2013
