Article: SWOT analysis of information security management system ISO 27001 Journal: International Journal of Services Operations and Informatics (IJSOI) 2020 Vol.10 No.4 pp.305 - 329 Abstract: Information security is a main concern for many organisations with no signs of decreasing urgency in the coming years. To address this a structured approach is required, with the ISO 27000 series being one of the most popular practices for managing Information Security. In this work, we used a combination of qualitative research methods to conduct a SWOT analysis on the ISMS. The findings from the SWOT were then validated using a survey instrument. Finally, the results were validated and analysed using statistical methods. Our findings show that there was a generally positive view on the 'Strengths' and 'Opportunities' compared to that of 'Weaknesses' and 'Threats'. We identified statistically significant differences in the perception of 'Strengths' and 'Opportunities' across groups but also found that there is no significant variance in the perception of 'Threats'. The SWOT produced will help practitioners and researchers tailor ways to enhance ISMS using existing techniques such as TOWS matrix. Inderscience Publishers - linking academia, business and industry through research

Title: SWOT analysis of information security management system ISO 27001

Authors: Iretioluwa Akinyemi; Daniel Schatz; Rabih Bashroush

Addresses: School of Architecture, Computing and Engineering (ACE), University of East London, Docklands Campus, 4-6 University Way, London E16 2RD, UK ' School of Architecture, Computing and Engineering (ACE), University of East London, Docklands Campus, 4-6 University Way, London E16 2RD, UK ' School of Architecture, Computing and Engineering (ACE), University of East London, Docklands Campus, 4-6 University Way, London E16 2RD, UK

Abstract: Information security is a main concern for many organisations with no signs of decreasing urgency in the coming years. To address this a structured approach is required, with the ISO 27000 series being one of the most popular practices for managing Information Security. In this work, we used a combination of qualitative research methods to conduct a SWOT analysis on the ISMS. The findings from the SWOT were then validated using a survey instrument. Finally, the results were validated and analysed using statistical methods. Our findings show that there was a generally positive view on the 'Strengths' and 'Opportunities' compared to that of 'Weaknesses' and 'Threats'. We identified statistically significant differences in the perception of 'Strengths' and 'Opportunities' across groups but also found that there is no significant variance in the perception of 'Threats'. The SWOT produced will help practitioners and researchers tailor ways to enhance ISMS using existing techniques such as TOWS matrix.

Keywords: ISMS; information security management systems; ISO 27001; information security risk management; security control framework; IT audit; SWOT; qualitative research; cyber security.

DOI: 10.1504/IJSOI.2020.111297

International Journal of Services Operations and Informatics, 2020 Vol.10 No.4, pp.305 - 329

Received: 16 Feb 2020
Accepted: 22 Mar 2020
Published online: 18 Nov 2020 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: SWOT analysis of information security management system ISO 27001

Keep up-to-date