The Effects of Cultural Dimensions on the Development of an ISMS Based on the ISO 27001

The ISO 27001 is the most adopted international information security management standard, by several countries and industries. This paper looks closely to the impacts of cultural characteristics on different phases of developing ISO 27001, based on three levels (country, organisational, and personal), which is especially helpful for Small and Medium Enterprises (SMEs). Cultural dimensions can significantly affect organisational administration and achievements such as decision-making, innovation and new practices, work motivation, negotiation, human resource practices, and leadership. The results are mainly based on a literature review, such as Hofstede and their relationship with the ISO 27001 Annex A. The outcomes of this paper illustrate that national (country level) cultural dimensions have high impact on the success and effectiveness of the ISO 27001 development phases.