Journal title: Issues in Informing Science and Information Technology
Print ISSN: 1547-5840
Electronic ISSN: 1547-5867
Publication year: 2012
Volume: 9
Pages: 331-349
Publisher: Informing Science Institute
Abstract: ISO/IEC 27001 is the most used standard within the information security field. It is used by organizations that manage information on behalf of others and it is applied to assure the protection of critical client information. In general, applying ISO standards could be costly and require expert people. This paper introduces a survey study about using the standards in the UAE and details three case studies on ISO 27001 implementation: One case study follows the ISO 27001 framework, and it is expanded by using additional management processes. The second case study integrates both ISO 27001 and ISO 20000 standards. The final case study details the certification process for ISO 27001 only. This research paper shows that the use of ISO 27001 in this region of the world is quite promising and puts the guidelines for any organization interested to apply this standard.
Keywords: Information Security, ISO/IEC 27001, survey, case study, ISO 20000.