Implementing international standards for Information Security Management in China and Europe: a comparative multi-case study

RM van Wessel; X (Xi) Yang; Henk de Vries

doi:10.1080/09537325.2011.604155

Implementing international standards for Information Security Management in China and Europe: a comparative multi-case study

RM van Wessel, X (Xi) Yang, Henk de Vries

Research output: Contribution to journal › Article › Academic › peer-review

14 Citations (Scopus)

Abstract

The leading international standards for information security management, ISO/IEC 27001 and ISO/IEC 27002, originate from the UK but are applied world-wide. Although the technology used is identical, the institutional and cultural settings are different. This paper explores whether the processes of selection, implementation and use of these interrelated standards differ between China and Europe. We have studied cases of Chinese and European companies. Main differences relate to governance and management of standard adoption. This study is innovative in 1) the method used for standardisation research (comparative multi-case-study, and distinguishing selection, implementation, use and impact of the standard), 2) the topic: implementation and impact of information security management standards, and 3) the geographic area: both China and Europe.

Original language	English
Pages (from-to)	865-879
Number of pages	15
Journal	Technology Analysis and Strategic Management
Volume	23
Issue number	8
DOIs	https://doi.org/10.1080/09537325.2011.604155
Publication status	Published - 2011

Research programs

RSM LIS

Access to Document

10.1080/09537325.2011.604155

http://hdl.handle.net/1765/25840

Cite this

@article{236e7e33ed1e4a2f8f54da8d5f4090aa,

title = "Implementing international standards for Information Security Management in China and Europe: a comparative multi-case study",

abstract = "The leading international standards for information security management, ISO/IEC 27001 and ISO/IEC 27002, originate from the UK but are applied world-wide. Although the technology used is identical, the institutional and cultural settings are different. This paper explores whether the processes of selection, implementation and use of these interrelated standards differ between China and Europe. We have studied cases of Chinese and European companies. Main differences relate to governance and management of standard adoption. This study is innovative in 1) the method used for standardisation research (comparative multi-case-study, and distinguishing selection, implementation, use and impact of the standard), 2) the topic: implementation and impact of information security management standards, and 3) the geographic area: both China and Europe.",

author = "{van Wessel}, RM and Yang, {X (Xi)} and {de Vries}, Henk",

year = "2011",

doi = "10.1080/09537325.2011.604155",

language = "English",

volume = "23",

pages = "865--879",

journal = "Technology Analysis and Strategic Management",

issn = "0953-7325",

publisher = "Routledge",

number = "8",

}

TY - JOUR

T1 - Implementing international standards for Information Security Management in China and Europe: a comparative multi-case study

AU - van Wessel, RM

AU - Yang, X (Xi)

AU - de Vries, Henk

PY - 2011

Y1 - 2011

N2 - The leading international standards for information security management, ISO/IEC 27001 and ISO/IEC 27002, originate from the UK but are applied world-wide. Although the technology used is identical, the institutional and cultural settings are different. This paper explores whether the processes of selection, implementation and use of these interrelated standards differ between China and Europe. We have studied cases of Chinese and European companies. Main differences relate to governance and management of standard adoption. This study is innovative in 1) the method used for standardisation research (comparative multi-case-study, and distinguishing selection, implementation, use and impact of the standard), 2) the topic: implementation and impact of information security management standards, and 3) the geographic area: both China and Europe.

AB - The leading international standards for information security management, ISO/IEC 27001 and ISO/IEC 27002, originate from the UK but are applied world-wide. Although the technology used is identical, the institutional and cultural settings are different. This paper explores whether the processes of selection, implementation and use of these interrelated standards differ between China and Europe. We have studied cases of Chinese and European companies. Main differences relate to governance and management of standard adoption. This study is innovative in 1) the method used for standardisation research (comparative multi-case-study, and distinguishing selection, implementation, use and impact of the standard), 2) the topic: implementation and impact of information security management standards, and 3) the geographic area: both China and Europe.

U2 - 10.1080/09537325.2011.604155

DO - 10.1080/09537325.2011.604155

M3 - Article

SN - 0953-7325

VL - 23

SP - 865

EP - 879

JO - Technology Analysis and Strategic Management

JF - Technology Analysis and Strategic Management

IS - 8

ER -

Implementing international standards for Information Security Management in China and Europe: a comparative multi-case study

Abstract

Research programs

Access to Document

Fingerprint

Cite this