ABSTRACT

Information technology has become an integral part of all business activities. Managing information security has been a key aspect in ensuring that increased information security risks (due to reliance on IT) are managed effectively. The reliance on digital and technology platforms has increased even further due to pandemic driven changes. This has led to higher information security risk exposure of organizations and their employees and their customers. Organizations use various frameworks to design and implement information security management systems, with ISO 27001 standard being the leading framework. Past researches in ISMS and leveraging ISO 27001 have had limitation of single country focus, Further there is limited research on relevance of ISO 27001 in evolving paradigm of computing shift. This global research presents an empirical study, based on inputs from industry practitioners, reflecting the key drivers for ISO 27001 implementation and certification, investigates pattern in those drivers based on size of the organization and examines the relevance of ISO 27001 both as framework and / or certification in the evolving scenario of cloud. Findings of the research indicate that the top reason for ISO 27001 implementation and certification is “compliance”, followed by “business value”, “competitive edge”, and “breach reduction” in that order. Findings also indicate that focus on information security is increasing and ISO 27001 implementation provides an effective ISMS and ISO 27001 certification helps organizations in improving their trustworthiness in keeping information secure.