Characteristics of Information Security Implementation Methods

However information security is supported by national and international recommendations, standards and laws, their implementation fail to deliver the expected results in several cases. In our fast changing world information plays a central role in the operation of organisations. Implementation of information security it is a must for organisations in order to maintain and improve their competitiveness. Companies are working to attain information security by implementing the requirements of ISO/IEC 27001 standard. Governmental institutes follow the instructions of implementing regulations of the legislation in place. The failure of organisations in attaining information security may have several reasons. Our research in this topic reveals that several times the Information Security Management System (ISMS) implemented does not fit the operation of the organisation, its regulations are not applied or simply are not brought into force. There are several ways to implement information security. The most commonly adopted way of implementation is the development of an ISMS and building information security measures around it. Some organisations develop integrated management systems, others implement information security measures in their organisational processes. Applied methods have impact on the effectiveness of implemented information security systems. This study uncovers the most common deficiencies of ISMS. Analyses and compares the most commonly adopted implementation methods based on the acquired professional experience and scientific literature considered relevant by the author. Comparative analysis, uncovers the strengths and weaknesses of applicability and risk of these implementation methods in different operating environments. As a result organisations may use the outcomes in selecting implementation methods to attain information security and handle their risks successfully.