
Information Security Management System

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2017
Sahar Al-Dhahri, Manar Al-Sarti, Azrilah Abdul Aziz

Sahar Al-Dhahri, Manar Al-Sarti and Azrilah Abdul Aziz. Information Security Management System. International Journal of Computer Applications 158(7):29-33, January 2017. BibTeX

	author = {Sahar Al-Dhahri and Manar Al-Sarti and Azrilah Abdul Aziz},
	title = {Information Security Management System},
	journal = {International Journal of Computer Applications},
	issue_date = {January 2017},
	volume = {158},
	number = {7},
	month = {Jan},
	year = {2017},
	issn = {0975-8887},
	pages = {29-33},
	numpages = {5},
	url = {},
	doi = {10.5120/ijca2017912851},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}


ISO27001 is an information security management system (ISMS). It helps organizations manage the security of their assets. ISO27001 is the best-known standard providing requirements for an information security management system (ISMS). In 2015, according to the ISO survey, ISO/IEC 27001 saw a 20% increase to 27,536 certificates worldwide [13].


  1. ENISA (European Network and Information Security Agency), “Risk Management / Risk Assessment” (available on-line at
  2. Walid Al-Ahmad and Bassil Mohammad. Addressing information security risks by adopting standards. International Journal of Information Security Science, 2(2):28-43, 2013.
  3. Tom Carlson, HF Tipton, and M Krause. Understanding Information Security Management Systems. Auerbach Publications, Boca Raton, FL, 2008.
  4. Vladislav V Fomin, H Vries, and Y Barlette. ISO/IEC 27001 information systems security management standard: exploring the reasons for low adoption. In Proceedings of the Third European Conference on Management of Technology (EUROMOT), 2008.
  5. Kwo-Shing Hong, Yen-Ping Chi, Louis R Chao, and Jih-Hsing Tang. An integrated system theory of information security management. Information Management & Computer Security, 11(5):243-248, 2003.
  6. Ted Humphreys. State-of-the-art information security management systems with ISO/IEC 27001:2005. ISO Management Systems, 6(1), 2006.
  7. G Pavlov and J Karakaneva. Information security management system in organization. Trakia Journal of Sciences, 9(4):20-25, 2011.
  8. Madhav Sinha and Alan Gillies. Improving the quality of information security management systems with ISO27000. The TQM Journal, 23(4):367-376, 2011.
  9. The ISO Survey of Management System Standard Certifications 2015 (Accessed: 11 December 2016).
  10. ISO/IEC 17799 (2005) “Information technology - Security techniques - Code of practice for information security management”.
  11. ISO/IEC 27001 (2005) “Information technology - Security techniques - Information security management systems - Requirements”.
  12. Debi Ashenden. Information security management: A human challenge? Information Security Technical Report, 13(4):195-201, 2008.
  13. I. (n.d.). The ISO Survey of Management System Standard Certifications 2015. Retrieved December 2, 2016, from
  14. S. (n.d.). Security Incident Management. Retrieved December 10, 2016, from
  15. Information Security Management System ISO 27001:2005. (2015). Retrieved December 2, 2016, from,


Information Security, Information Security Management, Total quality management, Information security, Incremental approach