DocumentCode :
2889239
Title :
Implementing the ISO/IEC 17799 standard in practice - findings from small and medium sized software organisations
Author :
Wiander, Timo
Author_Institution :
Univ. of Oulu, Oulu
fYear :
2007
fDate :
17-19 Oct. 2007
Firstpage :
91
Lastpage :
104
Abstract :
The ISO/IEC 17799 standard is commonly viewed as a necessary element in information security management. However, there is no empirical evidence of the usefulness of the standard in practice. This paper analyses the implementation experiences of four organisations that have implemented the ISO/IEC 17799 standard. Through semi-structured interviews, the results of the study suggest that the implementation of the standard has increased the understanding of information security in all personnel groups and the understanding of security has broadened from the technical aspects to corporate security. As downsides of implementing the ISO/IEC 17799 standard, the difficulties in deploying the standard, and the readability of the standard were criticised. The standard was also criticised because it does not directly affect the quality of the end product or service; it only has an indirect effect owing to the improved information security practices.
Keywords :
IEC standards; ISO standards; security of data; small-to-medium enterprises; software houses; ISO/IEC 17799 standard; corporate security; information security management; semistructured interview; small-and-medium-sized software organisation; Business continuity; Computer crime; IEC standards; ISO standards; Information management; Information security; Personnel; Planning; Protection; Software standards;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Standardization and Innovation in Information Technology, 2007. SIIT 2007. 5th International Conference on
Conference_Location :
Calgary, AB
Print_ISBN :
978-1-4244-1495-6
Electronic_ISBN :
978-1-4244-1496-3
Type :
conf
DOI :
10.1109/SIIT.2007.4629320
Filename :
4629320
Link To Document :