MIN-ITs: A Framework for Integration of IT Management Standards in Mature Environments

Mesquida, Antoni Lluís; Mas, Antònia; Feliú, Tomás San; Arcilla, Magdalena

doi:10.1142/s0218194014400026

Cited by 6 publications

(4 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…German organizations have been considered in three papers (Beckers et al, 2013;Mirtsch et al, 2020Mirtsch et al, , 2021. Spain (Pardo et al, 2013;Mesquida et al, 2014), Iran (Rezaei et al, 2014;Khajouei et al, 2017), Taiwan (Ku et al, 2009;Liao and Chueh, 2012) and Turkey (Bas ¸aran, 2016;Ozkan and Karabacak, 2010) follow with two contributions each. Surprisingly, except for the German case, the focus of the studies is not consistent with the diffusion of the standard; many of the countries with the highest number of issued ISO/IEC 27001 certificates (ISO, 2021) have never been considered (e.g.…”

Section: Iso/iec 27001mentioning

confidence: 99%

Forecasting the diffusion of ISO/IEC 27001: a Grey model approach

Podrecca

Sartor

2023

TQM

View full text Add to dashboard Cite

PurposeThe aim of this paper is to present the first diffusion analysis of ISO/IEC 27001, the fourth most popular ISO certification at global level and the most important standard for information security.Design/methodology/approachTo achieve the purposes, the authors applied Grey Models (GM) – Even GM (1,1), Even GM (1,1,α,θ), Discrete GM (1,1), Discrete GM (1,1,α) – complemented by the relative growth rate and the doubling time indexes on the six most important countries in terms of issued certificates.FindingsResults show that a growing trend is likely to be expected in the years to come and that China will lead at country level.Originality/valueThe study contributes to the scientific debate by presenting the first diffusive analysis of ISO/IEC 27001 and by proposing a forecasting approach that to date has found little application in the field of international standards.

show abstract

Section: Iso/iec 27001mentioning

confidence: 99%

Forecasting the diffusion of ISO/IEC 27001: a Grey model approach

Podrecca

Sartor

2023

TQM

View full text Add to dashboard Cite

show abstract

“…Against these challenges, several papers (17 contributions, 23%) suggest harmonization methods, also supported by empirical testing (e.g. Pardo et al, 2012Pardo et al, , 2013Mesquida et al, 2014;Bettaieb et al, 2019). The issues addressed in these studies are diverse.…”

Section: Characteristics Of the Literaturementioning

confidence: 99%

“…The issues addressed in these studies are diverse. Tarn et al (2009), Rezakhani et al (2011), Tsohou et al (2010), Pardo et al (2012), Leszczyna (2019) and Al-Karaki et al (2020) present a framework for the categorization of various ISS standards; along the same lines, Mesquida et al (2014) and Pardo et al (2013, 2016) approach ISO standards related to software quality, IT service management and ISS. Seven papers (Susanto et al , 2011; Montesino et al , 2012; Sheikhpour and Modiri, 2012a, b; Mukhtar and Ahmad, 2014; Bettaieb et al , 2019; Faruq et al , 2020) focus specifically on the alignment between the security controls recommended by ISO/IEC 27001 with other standards.…”

Section: Thematic Findingsmentioning

confidence: 99%

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

Culot

Nassimbeni

Podrecca

et al. 2021

TQM

View full text Add to dashboard Cite

PurposeAfter 15 years of research, this paper aims to present a review of the academic literature on the ISO/IEC 27001, the most renowned standard for information security and the third most widespread ISO certification. Emerging issues are reframed through the lenses of social systems thinking, deriving a theory-based research agenda to inspire interdisciplinary studies in the field.Design/methodology/approachThe study is structured as a systematic literature review.FindingsResearch themes and sub-themes are identified on five broad research foci: relation with other standards, motivations, issues in the implementation, possible outcomes and contextual factors.Originality/valueThe study presents a structured overview of the academic body of knowledge on ISO/IEC 27001, providing solid foundations for future research on the topic. A set of research opportunities is outlined, with the aim to inspire future interdisciplinary studies at the crossroad between information security and quality management. Managers interested in the implementation of the standard and policymakers can find an overview of academic knowledge useful to inform their decisions related to implementation and regulatory activities.

show abstract

“…Some integration models and approaches have been tackled [8,9] with a model proposition for integrating management systems [10], mainly driven by the ISO 9001 QMS implementation in a large number of companies.…”

Section: Related Workmentioning

confidence: 99%

How to Integrate Risk Management in IT Settings Within Management Systems? Comparison and Integration Perspectives from ISO Standards

Barafort

Mesquida

Mas

2016

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

Abstract. With the omnipresence of IT in any business, risk management is a critical and central activity. IT companies or IT department in companies may seek certification against one or several management system standard(s). Then risk management have to be tackled in the context of the domain targeted by each management system. This paper is investigating how risk management could be integrated from several ISO standards that are relevant for IT settings: quality management, project management, IT service management and information security management. Based on the reference standard ISO 31000 dedicated to risk management, a comparison is performed in order to identify risk management related activities in the ISO high level structure for management system standards, ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001, and to elicit integration vectors. The paper concludes on future works aiming at proposing a process reference and assessment model for integrating risk management activities.

show abstract

MIN-ITs: A Framework for Integration of IT Management Standards in Mature Environments

Cited by 6 publications

References 18 publications

Forecasting the diffusion of ISO/IEC 27001: a Grey model approach

Forecasting the diffusion of ISO/IEC 27001: a Grey model approach

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

How to Integrate Risk Management in IT Settings Within Management Systems? Comparison and Integration Perspectives from ISO Standards

Contact Info

Product

Resources

About