Here you will find scientific publications from the Fraunhofer Institutes.

International diffusion of the information security management system standard ISO/IEC 27001: Exploring the role of culture

Authors: Mirtsch, Mona; Pohlisch, Jakob; Blind, Knut

Rowe, F. ; Association for Information Systems -AIS-:
Twenty-Eighth European Conference on Information Systems, ECIS 2020. Proceedings. Online resource : June 15-17, 2020, Marrakech, Morocco
Marrakech, 2020
Paper 88, 18 pp.
European Conference on Information Systems (ECIS) <28, 2020, Marrakech>
Conference paper, electronic publication
Fraunhofer ISI
information security; international diffusion; standards; ISO / IEC 27001; preventive innovations; culture; GLOBE; ICT development index; management system standards

In the wake of digitalization, organizations are increasingly exposed to risks associated with security breaches and must take measures to preserve the confidentiality, integrity, and availability of information, and to ensure business continuity. The international standard ISO/IEC 27001 assists organizations in setting up, maintaining and continuously improving their information security management systems. However, despite high growth rates, its international diffusion rates are quite heterogeneous. This paper explores why the diffusion of the international management system standard ISO/IEC 27001 differs across countries. We classify the adoption of ISO/IEC 27001 as a ‘preventive organizational innovation’ and draw from diffusion studies of other management system standards and information security research to develop a set of hypotheses. These relate to the impact of cultural dimensions and national ICT development. We use a negative binomial regression model with panel data covering 57 countries over a 12-year period from 2006 to 2017 to test our hypotheses. We find that the cultural dimensions future orientation, power distance, and institutional collectivism as well as high ICT development are driving factors for the diffusion of ISO/IEC 27001. We derive policy recommendations and avenues for future research.