(2021). The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda [journal article]. In THE TQM JOURNAL. Retrieved from https://hdl.handle.net/10446/271818

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

Podrecca, Matteo
2021-01-01

Abstract

Purpose – After 15 years of research, this paper aims to present a review of the academic literature on the ISO/IEC 27001, the most renowned standard for information security and the third most widespread ISO certification. Emerging issues are reframed through the lenses of social systems thinking, deriving a theory-based research agenda to inspire interdisciplinary studies in the field.

Design/methodology/approach – The study is structured as a systematic literature review.

Findings – Research themes and sub-themes are identified on five broad research foci: relation with other standards, motivations, issues in the implementation, possible outcomes and contextual factors.

Originality/value – The study presents a structured overview of the academic body of knowledge on ISO/IEC 27001, providing solid foundations for future research on the topic. A set of research opportunities is outlined, with the aim to inspire future interdisciplinary studies at the crossroad between information security and quality management. Managers interested in the implementation of the standard and policymakers can find an overview of academic knowledge useful to inform their decisions related to implementation and regulatory activities.
Article
2021
Culot, Giovanna; Nassimbeni, Guido; Podrecca, Matteo; Sartor, Marco
Files attached to this record:

Culot et al., 2021.pdf
Access: open access
Version: publisher's version
License: Creative Commons
File size: 675.56 kB
Format: Adobe PDF
Use this identifier to cite or link to this document: https://hdl.handle.net/10446/271818
Citations
  • Scopus 44
  • ISI 31