Journal of Information Systems and Informatics (Nov 2023)
Evaluation the Information Security Management System: A Path Towards ISO 27001 Certification
Abstract
This study addresses the urgent need for robust data security by evaluating the Information Security Management System (ISMS) of a private contractor poised for ISO 27001 certification. It introduces the context of pervasive data breaches that necessitate stringent security measures. Employing a mixed-methods approach, the research method combines the KAMI index for quantitative maturity assessment with qualitative insights from staff interviews and literature reviews. The results reveal the contractor's ISMS maturity at levels I+ to II, indicating a shortfall in meeting the ISO 27001 benchmark. The discussion highlights the efficacy of the PDCA cycle in ISMS implementation, but also underscores the imperative for enhancements to fulfill certification requirements.
Keywords