Designing A National Adoption Policy Framework For ISO/IEC 27000 Standards Implementation In Namibia In


ABSTRACT

To ensure that information assets are protected and available to organisations, information security needs to be governed by security standards. The ISO/IEC 27000 family of standards is one such set of standards; it keeps information assets secure and provides a framework of information security management best practices.

An exploratory pilot survey conducted in 2015 with the key stakeholders, namely the Communications Regulatory Authority, the Namibia Institute of Standards, Internet Service Providers and government departments, revealed that these standards are not being implemented despite their importance. Based on the literature review and the pilot study, the extent to which the ISO/IEC 27000 implementation framework is adopted in Namibia was evaluated. The study focused on the extent of implementation of ISO 27000, 27001, 27002, 27003 and 27004, as these are the standards critical to the security posture of any organisation. It was established, using the gap analysis strategy, that there is no adoption of the ISO 27000 standards. The Design Science Research methodology was used for this study, which involved the creation of new knowledge through the design of new artefacts and analysis of the use and/or performance of such artefacts. A qualitative case study research approach with security-critical organisations in Namibia was used to collect and analyse data for this study. Surveys and interviews were used to collect data from purposefully identified key stakeholders, who offered rich information about the phenomenon under study. The survey results were used to evaluate the extent of implementation and the factors contributing to the poor implementation. It was found that factors such as proper documentation, adequate budget and resistance to change play a critical role in influencing the adoption of the standards. A theoretical framework for ISO 27000 was derived from the findings and the literature. The theoretical framework was evaluated, and all participants agreed with its components and with the framework itself. The framework was refined, and a national adoption policy framework for the ISO/IEC 27000 family of standards was designed.

The national adoption policy framework for ISO/IEC 27000 standards implementation specific to Namibia will secure critical assets, manage risks more effectively, improve and maintain customer confidence, demonstrate conformance to international best practices, avoid brand damage and change its information security posture as technology is evolving.

Keywords: Information security, Information Security Management System, Information Security Policies, Policy framework, ISO/IEC 27000 series, Security policy

APA

Tjirare, D (2021). Designing A National Adoption Policy Framework For ISO/IEC 27000 Standards Implementation In Namibia In. Afribary. Retrieved from https://afribary.com/works/designing-a-national-adoption-policy-framework-for-iso-iec-27000-standards-implementation-in-namibia-in

MLA 8th

Tjirare, Diana "Designing A National Adoption Policy Framework For ISO/IEC 27000 Standards Implementation In Namibia In" Afribary. Afribary, 01 May. 2021, https://afribary.com/works/designing-a-national-adoption-policy-framework-for-iso-iec-27000-standards-implementation-in-namibia-in. Accessed 29 Mar. 2024.

MLA7

Tjirare, Diana. "Designing A National Adoption Policy Framework For ISO/IEC 27000 Standards Implementation In Namibia In". Afribary, Afribary, 01 May. 2021. Web. 29 Mar. 2024. <https://afribary.com/works/designing-a-national-adoption-policy-framework-for-iso-iec-27000-standards-implementation-in-namibia-in>.

Chicago

Tjirare, Diana. "Designing A National Adoption Policy Framework For ISO/IEC 27000 Standards Implementation In Namibia In" Afribary (2021). Accessed March 29, 2024. https://afribary.com/works/designing-a-national-adoption-policy-framework-for-iso-iec-27000-standards-implementation-in-namibia-in