Implementation of Information Security Management Systems for Data Protection in Organizations: A systematic literature review
DOI:
https://doi.org/10.21834/e-bpj.v9iSI18.5483
Keywords:
Information Security Management Systems, Information Security Management, ISO/IEC 27001, Data Protection in Organization
Abstract
This systematic literature review investigates the implementation of Information Security Management Systems (ISMS) as a pivotal strategy for safeguarding organizational information in the digital era. Focusing on key factors influencing ISMS implementation, its impact on data protection, and the methodologies employed, the review underscores the significance of awareness and training in fostering compliance. Emphasizing the ISO/IEC 27001 standard as a prevalent framework, the study reveals positive impacts on organizational performance, financial outcomes, corporate reputation, and branding. The findings advocate for a comprehensive and structured approach to information security, urging future research to explore diverse organizational contexts and industries for a nuanced understanding of ISMS practices and their impact on organizational agility.
License
Copyright (c) 2024 Siti Suhaida Marhad, Siti Zaleha Abd Goni, Mad Khir Johari Abdullah Sani

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.