Volume 6, Number 1, 2021, 09 – 17

Information Security Management Systems - Evolving Landscape & ISO 27001: An Empirical Study


Anil K. Makhija, MBA.
Associate Professor, CamEd Business School
Email: [email protected]


Received: January 2021
Revised: March 2021
Accepted: June 2021


In order to strengthen the partnership both economically and politically among countries in the region, the Belt and Road Initiative (BRI) was introduced and implemented since 2013 by the People Republic of China. Information technology has become an integral part of all business activities. Managing information security has been a key aspect in ensuring that increased information security risks (due to reliance on IT) are managed effectively. The reliance on digital and technology platforms has increased even further due to pandemic driven changes. This has led to higher information security risk exposure of organizations and their employees and their customers. Organizations use various frameworks to design and implement information security management systems, with ISO 27001 standard being the leading framework. Past researches in ISMS and leveraging ISO 27001 have had limitation of single country focus, Further there is limited research on relevance of ISO 27001 in evolving paradigm of computing shift. This global research presents an empirical study, based on inputs from industry practitioners, reflecting the key drivers for ISO 27001 implementation and certification, investigates pattern in those drivers based on size of the organization and examines the relevance of ISO 27001 both as framework and / or certification in the evolving scenario of cloud. Findings of the research indicate that the top reason for ISO 27001 implementation and certification is “compliance”, followed by “business value”, “competitive edge”, and “breach reduction” in that order. Findings also indicate that focus on information security is increasing and ISO 27001 implementation provides an effective ISMS and ISO 27001 certification helps organizations in improving their trustworthiness in keeping information secure.

Keywords: Information system, security, management system, information technology

Read full text

Cite this article in APA 7

Makhija, A., K. (2021). Information security management systems – evolving landscape & ISO 27001: An empirical study. JAFESS, 6(1), 9 – 17.

Online citation generator by    Scribbr    QuillBot

Except where otherwise noted, content in JAFESS and CamEd OAR © 2016 by CamEd Business School is licensed under CC BY 4.0