DocumentCode :
1958352
Title :
Challenging IS and ISM Standardization for Business Benefits
Author :
Anttila, Juhani ; Kajava, Jorma
Author_Institution :
Quality Integration, Helsinki, Finland
fYear :
2010
fDate :
15-18 Feb. 2010
Firstpage :
416
Lastpage :
421
Abstract :
This paper deals with the challenges of Information Security (IS) and Information Security Management (ISM) standards and their beneficial use in organizations. The emphasis is on standardization within the committee ISO/IEC JTC1/SC27 and on its management standardization. The complicated links between ISM standards and many other management standards are also considered. Principles, concepts and definitions are not treated consistently in the ISM standards. ISM standards use the recognized business management models very superficially. The standards do not make clear the relations between ISM and Information Security Assurance (ISA). A real crisis in ISM standardization is that it has no innovative solutions for modern business environments that emphasize speed, changes, agility, and complexity. The situational knowledge for the paper is based on worldwide observations by the authors through collaboration with many different contexts, organizations and expert networks. The paper provides a practical business-dedicated approach to the issue and brings together a business practitioner and an information security researcher who know from long-standing experience the real difficulties and possibilities in organizations. Recognized researchers are referred to for links to sound, multifaceted theoretical foundations.
Keywords :
IEC standards; ISO standards; commerce; organisational aspects; security of data; standardisation; IS standardization; ISM standardization; ISO/IEC JTC1/SC27 standards; business benefits; business-dedicated approach; information security assurance; information security management; management standards; organization use; Availability; Crisis management; IEC standards; ISO standards; Information management; Information security; Packaging; Standardization; Standards organizations; Standards publication;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
Type :
conf
DOI :
10.1109/ARES.2010.113
Filename :
5438059