Publication: SWOT analysis of information security management system ISO 27001

Publication of this paper I co-authored took quite a while, but it is finally being published in the upcoming issue of the International Journal of Services Operations and Informatics.

Abstract: Information security is a main concern for many organisations with no signs of decreasing urgency in the coming years. To address this a structured approach is required, with the ISO 27000 series being one of the most popular practices for managing Information Security. In this work, we used a combination of qualitative research methods to conduct a SWOT analysis on the ISMS. The findings from the SWOT were then validated using a survey instrument. Finally, the results were validated and analysed using statistical methods. Our findings show that there was a generally positive view on the ‘Strengths’ and ‘Opportunities’ compared to that of ‘Weaknesses’ and ‘Threats’. We identified statistically significant differences in the perception of ‘Strengths’ and ‘Opportunities’ across groups but also found that there is no significant variance in the perception of ‘Threats’. The SWOT produced will help practitioners and researchers tailor ways to enhance ISMS using existing techniques such as TOWS matrix.

Keywords: ISMS; information security management systems; ISO 27001; information security risk management; security control framework; IT audit; SWOT; qualitative research; cyber security.

DOI: 10.1504/IJSOI.2020.10033450

Thanks to Iretioluwa Akinyemi and Dr. Rabih Bashroush for the collaboration on this.