摘要:Cyberattacks and an increasingly stringent legislative environment require organizations to effectively implement information security. Standards and legislation set the requirements, i.e., 'WHAT should be met?' to achieve the expected level of information security, but do not adequately address the question 'HOW to comply?' It is often the case that the information security management system (ISMS) meets the requirements of laws and standards, but it’ rules and procedures cannot be enforced and implemented in practice. Therefore, it does not provide the necessary level of protection for the information handled by the organization. So, it became increasingly important to identify the factors that make impossible for information security to be implemented effectively in organizations.
关键词:Information Security;Management Systems;Information Security Gaps;Information Security Problems;Problem Groups
