Improving the quality of information security management systems with ISO27000

The TQM Journal

Volumn 23, Issue 4, 2011, Pages 367-376

  Gillies, Alan ^a  

^a Hope Street Centre ^*  (United Kingdom)

Author keywords

Incremental approach; Information security; ISO 9000 series; ISO14000; ISO27001; Total quality management

Indexed keywords

BARRIERS TO ADOPTION; CODE OF PRACTICE; DESIGN/METHODOLOGY/APPROACH; INCREMENTAL APPROACH; INFORMATION SECURITY MANAGEMENT SYSTEMS; ISO 14001; ISO 9000 SERIES; ISO 9001; ISO-9000; ISO14000; ISO27001; MANAGEMENT SYSTEMS; MATURITY MODEL; QUALITY OF INFORMATION; STEP-BY-STEP;

INDUSTRIAL MANAGEMENT; SECURITY OF DATA; STANDARDS; TOTAL QUALITY MANAGEMENT;

INFORMATION MANAGEMENT;

EID: 79959901013     PISSN: 17542731     EISSN: None     Source Type: Journal    
DOI: 10.1108/17542731111139455     Document Type: Article

References (18)

1. Backhouse, J., Hsu, C.W. and Silva, L. (2006), “Circuits of power in creating de jure standards: shaping an international information systems security standard”, MIS Quarterly, Vol. 30, (special issue: Standard making: a critical research frontier for information systems research), pp. 413-38.
2. BS ISO (2005a), “BS ISO 27001 Information technology – security techniques – information security management systems – requirements”, British Standards Institute, London, ISBN 0 580 46781 3.
3. BS ISO (2005b), “BS ISO 27002 Information technology – security techniques – code of practice for information security management”, British Standards Institute, London, ISBN 978 0 580 59729 9 (Identifier of standard renumbered from (BS) ISO/IEC 17799 to (BS) ISO/IEC 27002, July 2007).
4. Certification Europe (2008), ISO 27001 Global Survey: The Facts and the Figures Underlying the Growth of ISO 27001 World-wide, Certification Europe, Dublin.
5. Data Protection Act (1998), Chapter 29, The Stationery Office, London.
6. Davis, C., Gillies, A.C., Smith, P. and Thompson, J.B. (1993), “Current quality assurance practice amongst software developers in the UK”, Software Quality Journal, Vol. 2 No. 3, pp. 145-61.
7. European Parliament (1995), “On the protection of individuals with regard to the processing of personal data and on the free movement of such data”, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, Official Journal L 281, 23 November, pp. 0031-50.
8. Fomin, V.V., Kaunas, L., de Vries, H.J.Y. and Barlette, Y. (2008), “ISO/IEC 27001 information systems security management standard: exploring the reasons for low adoption”, paper presented at the 3rd European Conference on Management of Technology, Industry-University Collaborations in Techno Parks, Nice, France, September 2008.
9. Howard, J. (2010), “Competent to innovate: an approach to personal development to improve innovation competency in SMEs”, Proceedings of the 5th European Conference on Entrepreneurship & Innovation, Athens, Greece, in press.
10. Howard, J. and Gillies, A.C. (2009), “Knowledge to innovate: developing a tool to assess and assist the development of the capacity to innovate in small and medium-sized enterprises”, Proceedings of the 4th European Conference on Entrepreneurship & Innovation, Antwerp, Belgium, pp. 206-14.
11. Humphrey, W.S. (1989), Managing the Software Process, Addison-Wesley, Reading, MA.
12. Paulk, M.C. (1995), “How ISO 9001 compares with the CMM”, IEEE Software, Vol. 12 No. 1, pp. 74-83.
13. Rodríguez-Escobar, J.A., Gonzalez-Benito, J. and Martínez-Lorente, A.R. (2006), “An analysis of the degree of small companies' dissatisfaction with ISO 9000 certification”, Total Quality Management & Business Excellence, Vol. 17 No. 4, pp. 507-21.
14. Saint-Germain, R. (2005), “Information security management best practice based on ISO/IEC 17799”, Information Management Journal, Vol. 39 No. 4, pp. 60-6.
15. Shewhart, W.A. (1939), Statistical Method from the Viewpoint of Quality Control (out of print: most recent edition: 1987, Dover Publications).
16. von Solms, B. and von Solms, R. (2005), “From information security to … business security”, Computers & Security, Vol. 24 No. 4, pp. 271-3.
17. Gillies, A.C. (2008), “The legal and ethical changes in the NHS landscape accompanying the policy shift from paper-based health records to electronic health records”, Studies in Ethics, Law and Technology, Vol. 2 No. 1, p. 4.
18. Humphrey, W.S. (1987), “Characterising the software process: a maturity framework”, Software Engineering Institute, CMU/SEI-87-TR-11, DTIC Number ADA182895.