465 research outputs found

    Implementation of ISO 27001 in Saudi Arabia – obstacles, motivations, outcomes, and lessons learned

    Protecting information assets is very vital to the core survival of an organization. With the increase in cyberattacks and viruses worldwide, it has become essential for organizations to adopt innovative and rigorous procedures to keep these vital assets out of the reach of exploiters. Although complying with an international information security standard such as ISO 27001 has been on the rise worldwide, with over 7000 registered certificates, few companies in Saudi Arabia are ISO 27001 certified. In this paper, we explore the motives, obstacles, challenges, and outcomes for a Saudi organization during their implementation of ISO 27001, with the goal of shedding some light on the reason behind the low adoption of the ISO 27001 certification standard in the region of study. While customer satisfaction and good partner relationships are essential for an organization’s survival, strikingly, none of the organizations interviewed indicated that their goals included meeting consumer requirements or a partner’s mandates

    ISO standards and quality costs as instruments of Companies’ Competitive advantage

    This article examines the selected instruments of quality policy. The importance of quality changes over time, because nowadays it is seen not as a target but as a way of functioning of the entire organization. The company, which can operate in a competitive market, must invest in quality. Evaluation of the effectiveness of the quality management system can be developed by analyzing the cost of a quality that can draw attention to the prevention of deficiency

    Design and modeling of processes through eTOM, ITIL and ISO 27001 for a telecommunications company

    This project deals with the design and modeling of the processes that make up a company in order to achieve the proposed objectives of quality improvement and organization, in the most efficient way possible, thus demonstrating the importance of carrying out this modeling. Specifically, in this thesis we will analyze how this is carried out at AFR-IX telecom, a telecommunications company that offers data and advanced managed solutions to telecommunications companies and operators in Africa. To achieve this objective, different theoretical frameworks that are relevant today in the business world have been studied, specifically BPMN, eTOM, ITIL and ISO 27001. All modeling must be based on these concepts in order to implement the model obtained using different tools. In this project you will be able to see how some of the most used today have been used in a practical way, such as Signavio, Visio, Odoo and Service Desk Plus.

    A model of quality service management for information systems

    Master's thesis. Master's in Electrical and Computer Engineering (area of specialization: Information Technologies for Business Management). Faculty of Engineering. University of Porto. 200

    Access to information: Challenges and opportunities for the records profession


    A process framework for information security management

    Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. Based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened

    Criminal compliance system: implementation of a compliance model in the information technology security sector

    Final Degree Projects in Law. Universitat de Barcelona. Academic year: 2023-2024. Supervisor: Dr. Javier Cigüela Sola. The concept of Compliance has gone from being a new trend in business management to consolidating itself as a key resource in those organisations committed to ethical integrity, good governance and long-term sustainability. This work explores, through a literature review, the intricate landscape of criminal compliance in the IT security sector by examining its main legal framework, its fundamental components, the essential steps for the design and implementation of a criminal compliance system (CCS) and the main challenges companies may face. The analysis emphasizes how effective compliance programmes serve as a critical bulwark against criminal activity, mitigating risks, safeguarding reputation and fostering a culture of ethical conduct. Particularly, it addresses the unique challenges and opportunities presented by the rapidly evolving field of cybersecurity, underlining the critical role of robust CCS in mitigating cybercrime risks. It is therefore an arduous process that requires proactivity, effort and sufficient investment of resources, involvement, ongoing commitment and continuous training by all members involved as well as multidisciplinary professionals with sufficient subject-matter expertise and experience to correct mistakes, make improvements and adapt to the changing world of compliance, especially in cyberspace.

    Investigating Stakeholder Perceptions of ISO Management Systems in the UK Agricultural Sector

    This paper considered perceptions from a relatively small sample of case studies but acknowledges other respondents views have been triangulated to an extent that verifies the samples used are representative of the UK agricultural supply chain. The present study provides a starting-point for further research into the adoption and uptake of ISO management systems standards in the UK agricultural sector and its supply chain. Therefore this paper does not explore the relationships between adoption of ISO management systems and the impact of them it rather explores perceptions of different ISO management systems from stakeholders viewpoints. Following an extensive review of stakeholder perceptions this paper concludes that the uptake of ISO management systems in the UK will continue and more areas of the agriculture supply chain will feel obliged to certify their management systems to a wider range of standards than just the well known quality management and environmental management system standards.  The extensive certification of ISO management systems in the UK is well known and this paper focuses on acceptance and perceptions of such standards in the UK agricultural sector. The research identified a lack of understanding and hence encourages agricultural specialists, teachers and policy makers to provide information to the agricultural sector regarding the value and scope of ISO management systems in supporting best practice and identification of regulatory compliance issues. This paper is significant in that it has acknowledged an uptake and trend in certification of management systems within the agricultural sector in the UK but has identified a lack of understanding of such systems amongst stakeholders of the agricultural supply chain. Finally, the paper clearly shows many noteworthy opportunities for further certified management systems research within the worldwide agricultural supply chain. 
Keywords:  ISO standards, management systems, stakeholder perceptions, agriculture, food safety, food contro
