ISO/IEC 27000 Certification Impact on The Effectiveness of Managing an Educational Organization

Adam KOSTULAK

University of Gdansk, Gdansk, Poland

Abstract

The article refers to the most important methodologies for managing information systems, to which the ISO/IEC 27000 standards belong. Although the literature on this issue is quite rich, an area has been identified that has a great need for system solutions in the field of standardization: educational organizations. There is a need for research and published solutions in this area. Based on the implementation of the author’s model of information processes in a higher education institution, it was decided to study the effects of this implementation in a real facility. In order to obtain information to evaluate the impact of implementing an ISMS based on ISO 27001 (with appropriate modifications), a case study was selected as the research method. The main result is the conclusion that the path of development of information security management systems leads through achieving process maturity of the organization itself, to which a significant contribution can be made by starting this transformation with the application of process reference models, including information systems security reference models.

Keywords: ISO 27000, Information Security, ISMS, Management Systems