ISMSs In outsourcing Context

Abstract

While information systems play a vital role in modern organizations for enhancing their business operations and achieving competitive services, they are vulnerable to insider and outsider security threats such as data loss, viruses and attackers. Many organizations have realized the importance of ISMSs and adopted them to achieve their security goals. Despite the enormous benefit of ISMSs to the achievement of security goals, they are still exposed to different security and compliance challenges and needs in the outsourcing context. In this paper, we review five ISMSs (COBIT, OCTAVE, SSE-CMM, GMITS, and the ISO/IEC 2700x series) in the outsourcing context based on specific criteria. The results of this review, in addition to the strengths and weaknesses of ISMSs, are provided in this paper.