Abstract
In the light of digitalization and recent EU policy initiatives, information is an important asset that organizations of all sizes and from all sectors should secure. However, in order to provide common requirements for the implementation of an information security management system, the internationally well-accepted ISO/IEC 27001 standard has not shown the expected growth rate since its publication more than a decade ago. In this article, we apply web mining to explore the adoption of ISO/IEC 27001 through a series of 2664 out of more than 900 000 German firms from the Mannheim Enterprise Panel dataset that refers to this standard on their websites. As a result, we present a ``landscape'' of ISO/IEC 27001 in Germany, which shows that firms not only seek certifications themselves but often refer on their websites to partners who are certified instead. Consequently, we estimate a probit model and find that larger and more innovative firms are more likely to be certified to ISO/IEC 27001 and that almost half of all certified firms belong to the information and communications technology (ICT) service sector. Based on our findings, we derive implications for policy makers and management and critically assess the suitability of web mining to explore the adoption of management system standards.
Highlights
I N ADDITION to the advantages of digitalization, the growing connectivity entails risk with regard to information security [1]–[3]
We summarize our findings, outline the limitations of our article, and discuss the suitability of web mining to explore the adoption of International Organization of Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 and management system standards in general, including the need for further research
Only in the case of ISO/IEC 27001, the number of firms referring to this standard on their website is larger than the number of valid certificates according to the ISO survey [60]
Summary
I N ADDITION to the advantages of digitalization, the growing connectivity entails risk with regard to information security [1]–[3]. Become a Manuscript received September 2, 2019; revised December 20, 2019; accepted January 29, 2020. Date of publication April 30, 2020; date of current version November 13, 2020. Review of this manuscript was arranged by Department Editor E.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
