This paper describes the business impact of two international standards for information security management: ISO/IEC 27001 and ISO/IEC 27002. Six company cases show that companies had different reasons for wanting to implement these standards, but that they achieved most of their objectives. Benefits include improved service quality, higher customer satisfaction, and in some cases, new business opportunities. A number of common success factors ensure the objectives can be achieved, and financial and non-financial benefits can indeed be obtained. The lessons learnt from these cases can help other companies to also reap such benefits.
CITATION STYLE
M. van Wessel, R., & De Vries, H. J. (2013). Business Impacts of International Standards for Information Security Management. Lessons from Case Companies. Journal of ICT Standardization, 25–40. https://doi.org/10.13052/jicts2245-800x.122