SWOT Analysis of Information Security Management System ISO 27001

Article


Akinyemi, I., Schatz, D. and Bashroush, R. 2020. SWOT Analysis of Information Security Management System ISO 27001. International Journal of Services Operations and Informatics. 10 (4), p. 305–329. https://doi.org/10.1504/IJSOI.2020.111297
AuthorsAkinyemi, I., Schatz, D. and Bashroush, R.
Abstract

Information security is a main concern for many organisations with no signs of decreasing urgency in the coming years. To address this a structured approach is required, with the ISO 27000 series being one of the most popular practices for managing Information Security. In this work, we used a combination of qualitative research methods to conduct a SWOT analysis on the ISMS. The findings from the SWOT were then validated using a survey instrument. Finally, the results were validated and analysed using statistical methods. Our findings show that there was a generally positive view on the 'Strengths' and 'Opportunities' compared to that of 'Weaknesses' and 'Threats'. We identified statistically significant differences in the perception of 'Strengths' and 'Opportunities' across groups but also found that there is no significant variance in the perception of 'Threats'. The SWOT produced will help practitioners and researchers tailor ways to enhance ISMS using existing techniques such as TOWS matrix.

JournalInternational Journal of Services Operations and Informatics
Journal citation10 (4), p. 305–329
ISSN1741-539X
Year2020
PublisherInderscience
Accepted author manuscript
License
Digital Object Identifier (DOI)https://doi.org/10.1504/IJSOI.2020.111297
Publication dates
Online06 Nov 2020
Publication process dates
Accepted02 Nov 2020
Deposited11 Nov 2020
Copyright holder© 2020 Inderscience Enterprises Ltd.
Permalink -

https://repository.uel.ac.uk/item/88qx1

Download files


Accepted author manuscript
  • 4371
    total views
  • 5940
    total downloads
  • 109
    views this month
  • 131
    downloads this month

Export as

Related outputs

Optimizing server refresh cycles: The case for circular economy with an aging Moore’s Law
Bashroush, R., Rteil, N., Kenny, R. and Wynne, A. 2020. Optimizing server refresh cycles: The case for circular economy with an aging Moore’s Law. IEEE Transactions on Sustainable Computing. 7 (1), pp. 189-200. https://doi.org/10.1109/TSUSC.2020.3035234
Case Studies for achieving a Return on Investment with a Hardware Refresh in Organizations with Small Data Centers
Doyle, J. and Bashroush, R. 2020. Case Studies for achieving a Return on Investment with a Hardware Refresh in Organizations with Small Data Centers. IEEE Transactions on Sustainable Computing. 6 (4), pp. 599-611. https://doi.org/10.1109/TSUSC.2020.3031450
Towards Efficient and Scalable Data-Intensive Content Delivery: State-of-the-Art, Issues and Challenges
Kilanioti, Irene, Fernández-Montes, Alejandro, Fernández-Cerero, Damián, Karageorgos, Anthony, Mettouris, Christos, Nejkovic, Valentina, Albanis, Nikolas, Bashroush, R. and Papadopoulos, George A. 2019. Towards Efficient and Scalable Data-Intensive Content Delivery: State-of-the-Art, Issues and Challenges. in: Kołodziej, Joanna and González-Vélez, Horacio (ed.) High-Performance Modelling and Simulation for Big Data Applications: Selected Results of the COST Action IC1406 cHiPSet Springer, Cham.
Security predictions — A way to reduce uncertainty
Schatz, D. and Bashroush, R. 2019. Security predictions — A way to reduce uncertainty. Journal of Information Security and Applications. 45, pp. 107-116. https://doi.org/10.1016/j.jisa.2019.01.009
Towards a More Representative Definition of Cyber Security
Schatz, Daniel, Bashroush, R. and Wall, J. 2017. Towards a More Representative Definition of Cyber Security. Journal of Digital Forensics, Security and Law. 12 (2), pp. 53-74. https://doi.org/10.15394/jdfsl.2017.1476
Representing Variability in Software Architecture: A Systematic Literature Review
Haider, U., Woods, E. and Bashroush, R. 2018. Representing Variability in Software Architecture: A Systematic Literature Review. International Journal of Software Engineering and Computer Systems. 4 (2), pp. 19-37. https://doi.org/10.15282/ijsecs.4.2.2018.2.0046
A Comprehensive Reasoning Framework for Hardware Refresh in Data Centers
Bashroush, R. 2018. A Comprehensive Reasoning Framework for Hardware Refresh in Data Centers. IEEE Transactions on Sustainable Computing. 3 (4), pp. 209-220. https://doi.org/10.1109/TSUSC.2018.2795465
The ALI Architecture Description Language
Haider, U., McGregor, John D. and Bashroush, R. 2018. The ALI Architecture Description Language. ACM SIGSOFT Software Engineering Notes. 43 (4), pp. 52-52. https://doi.org/10.1145/3282517.3282545
Integration operators for generating RDF/OWL-based user defined mediator views in a grid environment
Tawil, Abdel-Rahman H., Taweel, Adel, Naeem, U., Montebello, Matthew, Bashroush, R. and Al-Nemrat, A. 2014. Integration operators for generating RDF/OWL-based user defined mediator views in a grid environment. Journal of Intelligent Information Systems. 43 (1), pp. 1-32. https://doi.org/10.1007/s10844-013-0300-5
Jolinar: Analysing the Energy Footprint of Software Applications (demo)
Noureddine, A., Islam, S. and Bashroush, R. 2016. Jolinar: Analysing the Energy Footprint of Software Applications (demo). in: Proceedings of the 25th International Symposium on Software Testing and Analysis New York, NY, USA Association for Computing Machinery (ACM). pp. 445-448
Architectural Principles for Energy-Aware Internet-Scale Applications
Bashroush, R. and Woods, E. 2017. Architectural Principles for Energy-Aware Internet-Scale Applications. IEEE Software. 34 (3), pp. 14-17. https://doi.org/10.1109/MS.2017.60
CASE Tool support for variability management in software product lines
Bashroush, R., Garba, M., Rabiser, R., Groher, I. and Botterweck, G. 2017. CASE Tool support for variability management in software product lines. ACM Computing Surveys. 50 (Art. 14). https://doi.org/10.1145/3034827
gUML: Reasoning about Energy at Design Time by Extending UML Deployment Diagrams with Data Centre Contextual Information
Jebraeil, Nigar, Noureddine, A., Doyle, J., Islam, S. and Bashroush, R. 2017. gUML: Reasoning about Energy at Design Time by Extending UML Deployment Diagrams with Data Centre Contextual Information. in: 2017 IEEE World Congress on Services (SERVICES) IEEE. pp. In Press
Cloud Strife: Expanding the Horizons of Cloud Gaming Services
Doyle, J., Islam, S., Bashroush, R. and O'Mahony, Donal 2017. Cloud Strife: Expanding the Horizons of Cloud Gaming Services. in: 2017 IEEE World Congress on Services (SERVICES) IEEE.
MUSA: A Scalable Multi-Touch and Multi-Perspective Variability Management Tool
Garba, Muhammad, Noureddine, Adel and Bashroush, R. 2016. MUSA: A Scalable Multi-Touch and Multi-Perspective Variability Management Tool. in: 2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA) IEEE. pp. 299-302
Economic Valuation for Information Security Investment: A Systematic Literature Review
Schatz, Daniel and Bashroush, R. 2016. Economic Valuation for Information Security Investment: A Systematic Literature Review. Information Systems Frontiers. 19 (5), pp. 1205-1228. https://doi.org/10.1007/s10796-016-9648-8
Modelling large-scale information systems using ADLs – An industrial experience report
Woods, Eoin and Bashroush, R. 2014. Modelling large-scale information systems using ADLs – An industrial experience report. The Journal of Systems and Software. 99 (1), pp. 97-108.
The Impact Of Repeated Data Breach Events On Organisations’ Market Value
Schatz, Daniel and Bashroush, R. 2016. The Impact Of Repeated Data Breach Events On Organisations’ Market Value. Information and Computer Security. 24 (1), pp. 73-92.
Activities of daily life recognition using process representation modelling to support intention analysis
Naeem, U., Bashroush, R., Anthony, Richard, Azam, Muhammad Awais, Tawil, Abdel Rahman, Lee, S. and Mou-Ling, Dennis 2015. Activities of daily life recognition using process representation modelling to support intention analysis. International Journal of Pervasive Computing and Communications. 11 (3), pp. 347-371. https://doi.org/10.1108/IJPCC-01-2015-0002
Using an Architecture Description Language to Model a Large- Scale Information System – An Industrial Experience Report
Woods, Eoin and Bashroush, R. 2012. Using an Architecture Description Language to Model a Large- Scale Information System – An Industrial Experience Report. Proceedings of the Joint 10th Working IEEE/IFIP Conference on Software Architecture & 6th European Conference on Software Architecture. Helsinki Finland Aug 2012
The contribution of architecture description languages to the evaluation of software architectures
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. The contribution of architecture description languages to the evaluation of software architectures.
Using the NaSr Architectural Style to Solve the Broken Hyperlink Problem
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. Using the NaSr Architectural Style to Solve the Broken Hyperlink Problem.
Towards an Automated Evaluation Process for Software Architectures
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. Towards an Automated Evaluation Process for Software Architectures.
A Real-time Network Emulator: ADLARS Case Study
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. A Real-time Network Emulator: ADLARS Case Study.
A Network Architectural Style for Real-time Systems: NaSr
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. A Network Architectural Style for Real-time Systems: NaSr.
Deriving Product Architectures from an ADLARS Described Reference Architecture using Leopard
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. Deriving Product Architectures from an ADLARS Described Reference Architecture using Leopard.
Feature Guided Architecture Development for Embedded System Families
Brown, John, Bashroush, R., Gillan, Charles, Spence, Ivor and Kilpatrick, Peter 2005. Feature Guided Architecture Development for Embedded System Families.
A Generic Reference Software Architecture for Load Balancing Over Mirrored Web Servers: NaSr Case Study
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2005. A Generic Reference Software Architecture for Load Balancing Over Mirrored Web Servers: NaSr Case Study.
ADLARS: An Architecture Description Language for Software Product Lines
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2005. ADLARS: An Architecture Description Language for Software Product Lines.
Weaving Behaviour into Feature Models for Embedded System Families
Brown, John, Gawley, Rachel, Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Gillan, Charles 2006. Weaving Behaviour into Feature Models for Embedded System Families.
Towards More Flexible Architecture Description Languages for Industrial Applications
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2006. Towards More Flexible Architecture Description Languages for Industrial Applications. in:
Towards Performance Related Decision Support for Model Driven Engineering of Enterprise SOA Applications
Fritzsche, M, Gilani, Wasif, Spence, Ivor, Kilpatrick, Peter, Brown, John and Bashroush, R. 2008. Towards Performance Related Decision Support for Model Driven Engineering of Enterprise SOA Applications. in: Schierferdecker, Ina and Hartman, Alan (ed.) Model Driven Architecture – Foundations and Applications Springer.
A Multiple Views Model for Variability Management in Software Product Lines
Bashroush, R., Spence, Ivor, Kilpatrick, Peter, Brown, John and Gillan, Charles 2008. A Multiple Views Model for Variability Management in Software Product Lines. Proceedings of the Second International Workshop on Variability Modelling of Software-intensive Systems (VaMoS2008). Essen, Germany 16 - 18 Jan 2008
ALI: An Extensible Architecture Description Language for Industrial Applications
Bashroush, R., Spence, Ivor, Kilpatrick, Peter, Brown, John, Gilani, Wasif and Fritzsche, M 2008. ALI: An Extensible Architecture Description Language for Industrial Applications. in: Springer.
Towards Performance Related Decision Support for Model Driven Engineering of Enterprise SOA Applications
Bashroush, R. and Spence, Ivor 2008. Towards Performance Related Decision Support for Model Driven Engineering of Enterprise SOA Applications. in: Proceedings of 15th IEEE International Conference on Engineering of Computer-Based Systems (ECBS) IEEE. pp. 57-65
A Scalable Multiple Perspective Variability Management CASE Tool
Bashroush, R. 2010. A Scalable Multiple Perspective Variability Management CASE Tool. 14th International Software Product Line Conference (SPLC). South Korea Sep 2010
A NUI Based Multiple Perspective Variability Modelling CASE Tool
Bashroush, R. 2010. A NUI Based Multiple Perspective Variability Modelling CASE Tool. in: Babar, Muhammad Ali and Gorton, IAn (ed.) Software Architecture: Proceedings of 4th European Conference, ECSA 2010, Copenhagen, Denmark, August 23-26, 2010 Springer.
Logical Reasoning and Decision Making
Ong, D, Khaddaj, Souheil and Bashroush, R. 2011. Logical Reasoning and Decision Making. 10th IEEE International Conference on Cybernetic Intelligent Systems. London Aug 2011
A Provisioning Model towards OAuth 2.0 Optimization
Nouriddine, Moustafa and Bashroush, R. 2011. A Provisioning Model towards OAuth 2.0 Optimization. 10th IEEE International Conference on Cybernetic Intelligent Systems. London Sep 2011
A Performance Optimization Model towards OAuth 2.0 Adoption in the Enterprise
Nouriddine, Moustafa and Bashroush, R. 2011. A Performance Optimization Model towards OAuth 2.0 Adoption in the Enterprise. Proceedings of the 7th International Conference on Global Security, Safety & Sustainability (ICGS3). Greece Aug 2011
Modality Cost Analysis: A Methodology for Cost Effective Datacenter Capacity Planning in the Cloud
Nouriddine, Moustafa and Bashroush, R. 2011. Modality Cost Analysis: A Methodology for Cost Effective Datacenter Capacity Planning in the Cloud.
Modality Cost Analysis Based Methodology for Cost Effective Datacenter Capacity Planning in the Cloud
Nouriddine, Moustafa and Bashroush, R. 2011. Modality Cost Analysis Based Methodology for Cost Effective Datacenter Capacity Planning in the Cloud. Ubiquitous Computing and Communication Journal.
Sufficiency of Windows Event log as Evidence in Digital Forensics
Ibrahim, Nurdeen, Al-Nemrat, Ameer, Jahankhani, Hamid and Bashroush, R. 2011. Sufficiency of Windows Event log as Evidence in Digital Forensics. Proceedings of the 7th International Conference on Global Security, Safety & Sustainability (ICGS3). Greece Aug 2011
GSi Compliant RAS for Public Private Sector Partnership
Fawzi, Fawzi and Bashroush, R. 2011. GSi Compliant RAS for Public Private Sector Partnership. Proceedings of the 7th International Conference on Global Security, Safety & Sustainability (ICGS3). Greece Aug 2011
Case Study: Using ADLARS to Design and Develop a Real-Time Network Emulator
Bashroush, R., Al-Nemrat, Ameer, Bachrouch, Mohammad and Spence, Ivor 2011. Case Study: Using ADLARS to Design and Develop a Real-Time Network Emulator. Proceedings of the International Conference on Information and Communication Systems (ICICS 2011). Jordan May 2011
Visualizing Variability Models Using Hyperbolic Trees
Bashroush, R., Al-Nemrat, Ameer, Bachrouch, Mohammad and Jahankhani, Hamid 2011. Visualizing Variability Models Using Hyperbolic Trees. Proceedings of the 23rd International Conference on Advanced Information Systems Engineering Forum(CAiSE Forum 2011). London Jun 2011
A Cost Effective Cloud Datacenter Capacity Planning Method Based on Modality Cost Analysis
Bashroush, R. and Nouriddine, Moustafa 2013. A Cost Effective Cloud Datacenter Capacity Planning Method Based on Modality Cost Analysis. International Journal of Communication Networks and Distributed Systems. 11 (3), pp. 250-261.
Challenges in the Application of Feature Modelling in Fixed Line Telecommunications
Gillan, Charles, Kilpatrick, Peter, Spence, Ivor, Brown, T. John, Bashroush, R. and Gawley, Rachel 2007. Challenges in the Application of Feature Modelling in Fixed Line Telecommunications. Proceedings of the First International Workshop on Variability Modelling of Software-intensive Systems (VaMoS 2007), Lemrick, Ireland, Jan 16 -18, 2007. C Gillan
Using a Software Product Line Approach in Designing Grid Services
Bashroush, R. and Perrott, Ronald 2005. Using a Software Product Line Approach in Designing Grid Services. 4th UK e-Science All Hands Meeting (AHM2005). Nottingham, UK Sep 2005
Requirements Modelling and Design Notations for Software Product Lines
Brown, T. John, Gawley, Rachel, Spence, Ivor, Kilpatrick, Peter, Gillan, Charles and Bashroush, R. 2007. Requirements Modelling and Design Notations for Software Product Lines. Proceedings of the First International Workshop on Variability Modelling of Software-intensive Systems (VaMoS2007), Lemrick, Ireland, Jan 16-18, 2007. T J. Brown