1 School of Business, Technology and Health Care Administration Capella University, Minneapolis, MN, USA 55402.
2 University College of Commerce & Business Management Kakatiya University, Warangal, India.
3 Department of Information Technology Services, Washburn University, Topeka, KS, USA.
4 School of Cybersecurity & Information Technology, University of Maryland Global Campus.
Review Article
World Journal of Advanced Research and Reviews, 2024, 24(01), 2582–2595
Received on 08 September 2024; revised on 19 October 2024; accepted on 21 October 2024
The increasing frequency and sophistication of cyber threats have made organizations need to adopt robust cybersecurity frameworks. ISO security standards, particularly the ISO/IEC 27000 series, play a critical role in enhancing organizations' cybersecurity posture worldwide. These standards provide a systematic approach to managing sensitive information, ensuring its confidentiality, integrity, and availability. ISO/IEC 27001, which focuses on establishing an Information Security Management System (ISMS), is widely recognized for its ability to help organizations identify, manage, and mitigate cybersecurity risks. By adopting ISO standards, organizations benefit from improved risk management, enhanced incident response capabilities, and stronger alignment with regulatory compliance requirements, such as GDPR and HIPAA.
In addition, ISO security standards promote a security-first culture within organizations, fostering greater employee awareness and encouraging the consistent implementation of best practices across departments and regions. The adoption of standards like ISO/IEC 27001 (Information security, cybersecurity and privacy protection), ISO/IEC 27018 (Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors), ISO/IEC 27017 (code of practice for information security controls based on ISO/IEC 27002 for Cloud services), ISO/IEC 27015 (Information security management guidelines for financial services) ISO/IEC 27002 (Information security, cybersecurity and privacy protection - Information security controls), and ISO/IEC 27701 (Security techniques- Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – requirements and guidelines) has demonstrated significant improvements in data protection, especially in industries handling sensitive personal or financial data. Despite their benefits, implementing ISO standards poses challenges, such as resource constraints, scalability, and the need for continuous updates. As the threat landscape evolves, ISO security standards will remain integral to developing a proactive cybersecurity strategy, integrating with emerging technologies such as artificial intelligence and IoT. The global adoption of these standards reflects their pivotal role in securing the digital infrastructure of modern organizations.
ISO Security; Cybersecurity; Organizations; Standards
Preview Article PDF
Adebola Folorunso, Viqaruddin Mohammed, Ifeoluwa Wada and Bunmi Samuel. The impact of ISO security standards on enhancing cybersecurity posture in organizations. World Journal of Advanced Research and Reviews, 2024, 24(1), 2582-2595. Article DOI: https://doi.org/10.30574/wjarr.2024.24.1.3169