• DocumentCode
    2889239
  • Title
    Implementing the ISO/IEC 17799 standard in practice - findings from small and medium sized software organisations
  • Author
    Wiander, Timo
  • Author_Institution
    Univ. of Oulu, Oulu
  • fYear
    2007
  • fDate
    17-19 Oct. 2007
  • Firstpage
    91
  • Lastpage
    104
  • Abstract
    The ISO/IEC 17799 standard is commonly viewed as a necessary element in information security management. However, there is no empirical evidence of the usefulness of the standard in practice. This paper analyses the implementation experiences of four organisations that have implemented the ISO/IEC 17799 standard. Through semi-structured interviews, the results of the study suggest that the implementation of the standard has increased the understanding of information security in all personnel groups and the understanding of security has broadened from the technical aspects to corporate security. As downsides of implementing the ISO/IEC 17799 standard, the difficulties in deploying the standard, and the readability of the standard were criticised. The standard was also criticised because it does not directly affect the quality of the end product or service; it only has an indirect effect owing to the improved information security practices.
  • Keywords
    IEC standards; ISO standards; security of data; small-to-medium enterprises; software houses; ISO/IEC 17799 standard; corporate security; information security management; semistructured interview; small-and-medium-sized software organisation; Business continuity; Computer crime; IEC standards; ISO standards; Information management; Information security; Personnel; Planning; Protection; Software standards;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Standardization and Innovation in Information Technology, 2007. SIIT 2007. 5th International Conference on
  • Conference_Location
    Calgary, AB
  • Print_ISBN
    978-1-4244-1495-6
  • Electronic_ISBN
    978-1-4244-1496-3
  • Type
    conf
  • DOI
    10.1109/SIIT.2007.4629320
  • Filename
    4629320