ISO/IEC 27001 Implementation in Public Organizations: A Case Study

Cited by: 0
Authors
Sussy, Bayona [1]
Wilber, Chauca [1]
Milagros, Lopez [1]
Carlos, Maldonado [1]
Affiliation
[1] Univ Nacl Mayor San Marcos, Unidad Posgrado, Fac Ingn Sistemas & Informat, Av German Amezaga 375, Lima, Peru
Keywords
critical success factors; NTP ISO/IEC 27001; information security management system; ISMS;
DOI
Not available
CLC classification number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
In recent years, due to the intensive use of information technology, information security has become a crucial and strategic issue in organizational management. Various standards and guidelines for information security, such as ISO/IEC 27001, ISO/IEC 27002, and COBIT, have been developed; however, organizations still face difficulties in implementing them. This paper presents the current situation of the ISO/IEC 27001 implementation process in Peruvian public organizations. Through a literature review, the critical success factors for successful implementation of ISO/IEC 27001 were identified. Furthermore, the ISO/IEC 27001 implementation in five organizations was reviewed, taking into consideration the critical success factors identified. From the results obtained, it is concluded that it is necessary to consider not only technical, legal, and organizational issues but also people-related factors such as training, knowledge, and awareness raising in order to succeed in information security management.
Pages: 6
Related papers
50 in total
  • [41] Proposal for a software development framework based on the ISO/IEC 29110 standard: Public organizations
    Faustino, Israel
    Mejia, Jezreel
    2020 9TH INTERNATIONAL CONFERENCE ON SOFTWARE PROCESS IMPROVEMENT (CIMPS), 2020, : 132 - 140
  • [42] ISO/IEC 15504 BEST PRACTICES TO FACILITATE ISO/IEC 27000 IMPLEMENTATION
    Mas, Antonia
    Lluis Mesquida, Antoni
    Amengual, Esperanca
    Fluxa, Bartomeu
    ENASE 2010: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON EVALUATION OF NOVEL APPROACHES TO SOFTWARE ENGINEERING, 2010, : 192 - 198
  • [43] ISMS Planning Based On ISO/IEC 27001:2013 Using Analytical Hierarchy Process at Gap Analysis Phase (Case Study : XYZ Institute)
    Briliyant, Obrina Candra
    Candra, Johanes Widhi
    Tamba, Sion Rebeca
    2017 11TH INTERNATIONAL CONFERENCE ON TELECOMMUNICATION SYSTEMS SERVICES AND APPLICATIONS (TSSA), 2017,
  • [44] An Approach to Map COBIT Processes to ISO/IEC 27001 Information Security Management Controls
    Sheikhpour, Razieh
    Modiri, Nasser
    INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2012, 6 (02): : 13 - 28
  • [45] New Changes in the Framework Structure of the ISO/IEC 27001:2013 Standard
    王曙光
    公伟
    质量与认证, 2015, (09) : 62 - 63
  • [46] A Brief Analysis of the ISO/IEC 27001 Information Security Management System Standard
    罗思
    中国标准化, 2007, (04) : 21 - 21
  • [47] The Evaluation of the Electronic Services with Accordance to IT-security Requirements Based on ISO/IEC 27001
    Livshitz, Ilya I.
    Nikiforova, Kseniya A.
    Lontsikh, Pavel A.
    Karaseva, Viktoria A.
    PROCEEDINGS OF THE 2016 IEEE CONFERENCE ON QUALITY MANAGEMENT, TRANSPORT AND INFORMATION SECURITY, INFORMATION TECHNOLOGIES (IT&MQ&IS), 2016,
  • [48] THEORETICAL AND PRACTICAL CONSIDERATIONS REGARDING THE INFORMATION SECURITY MANAGEMENT SYSTEM WITHIN ORGANIZATIONS IN CONCORDANCE WITH THE NEW INTERNATIONAL STANDARD ISO/IEC 27001:2013
    Tiganoaia, Bogdan
    GLOBALIZATION AND INTERCULTURAL DIALOGUE: MULTIDISCIPLINARY PERSPECTIVES - ECONOMY AND MANAGEMENT, 2014, : 62 - 68
  • [49] Information Security Governance in Universities Based on the ISO/IEC 27001 Standard
    何济玲
    陈仕品
    程吉麟
    艾贤明
    现代教育技术, 2016, 26 (09) : 60 - 65