This paper aims to demonstrate and offer an open source toolkit with the intent that making technology available to the community may serve to support organizations planning an information security management system implementation.
A case study is presented which highlights the authors' approach to building capability and subsequently overcoming inertial forces which would otherwise have impeded the organization's compliance initiative.
The case study proposes a novel approach to managing an ISMS implementation through the use of a custom-developed toolkit which, based on the experience of the authors, enabled the subject organization to achieve ISO 27001 certification.
The adoption of the approach and tradecraft presented in the paper may enable similar organizations in building capacity to better manage information security programs.
Although the recently revised ISO 27001 Information Security Code of Practice is well documented, comprehensive, methodological and widely supported, it is evident from the relatively low volume of certifications (a list of current certification registrations may be found at the ISMS International User Group Certificate Register – www.iso27001certificates.com) that many compliance initiatives are challenged in realizing full success. Based on the experiences presented in this paper, the authors believe these challenges must be overcome with the appropriate capability building necessary to achieve a successful implementation.
Emerald Group Publishing Limited
Copyright © 2008, Emerald Group Publishing Limited