To read this content please select one of the options below:

Reaching escape velocity: A practiced approach to information security management system implementation

Jason Bellone (United Nations Office, Geneva, Switzerland)
Segolene de Basquiat (United Nations, New York, New York, USA)
Juan Rodriguez (United Nations, New York, New York, USA)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 21 March 2008




This paper aims to demonstrate and offer an open source toolkit with the intent that making technology available to the community may serve to support organizations planning an information security management system implementation.


A case study is presented which highlights the authors' approach to building capability and subsequently overcoming inertial forces which would otherwise have impeded the organization's compliance initiative.


The case study proposes a novel approach to managing an ISMS implementation through the use of a custom developed toolkit, which based on the experience of the authors enabled the subject organization to achieve ISO 27001 certification.

Practical implications

The adoption of the approach and tradecraft presented in the paper may enable similar organizations in building capacity to better manage information security programs.


Insomuch as the recently revised ISO 27001 Information Security Code of Practice is well documented, comprehensive, methodological and widely supported, it is evident from the relatively low volume of certifications (a list of current certification registrations may be found at the ISMS International User Group Certificate Register –, that many compliance initiatives are challenged in realizing full success. Based on the experiences presented in this paper, the authors believe these challenges must be overcome with appropriate capability building necessary to achieve a successful implementation.



Bellone, J., de Basquiat, S. and Rodriguez, J. (2008), "Reaching escape velocity: A practiced approach to information security management system implementation", Information Management & Computer Security, Vol. 16 No. 1, pp. 49-57.



Emerald Group Publishing Limited

Copyright © 2008, Emerald Group Publishing Limited

Related articles