Benefits and Challenges in Information Security Certification - A Systematic Literature Review

Information security certification (ISC) gets increasingly more complex. Although certain benefits, challenges and success factors have been recognized by both scholars and practitioners in the field, little has been done to consolidate the published knowledge. This systematic literature review attempts to consolidate what is currently known on the benefits of ISC, the issues and the challenges to certification, and the success factors that organizations consider while embarking on this process. Following the guidelines of Kitchenham et al., and Kuhrmann et al., we examined 42 papers that are relevant to our area of interest. We identified 12 benefits, 15 challenges, and 8 success factors. Our most important conclusion is that the current certification process is complex and suboptimal; it is expensive and it depends on the auditor's skills. Finally, we evaluated validity threats and derived some implications for practice and for research.