1
ISO/IEC 27001 Implementation
Lecturer: Prof. Robert Dale
Department of Computing
Hooran Mahmoudinasab
Student ID: 41455398
2
What is International Organization for Standardization (ISO)?
The International Organization for Standardization (ISO) is an international organization that gives measurable quality to products and services which should increase reliability and operationality.
3
- European Committee for Standardization (CEN)
- German Institute for Standardization (DIN)
- British Standards Institution (BSI)
- Austrian Standard Institute (ON)
- Switzerland Standardization Institution (SNV)
4
What is ISO/IEC27001?
ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
Source: http://www.iso.org
5
- use within organizations to formulate security requirements and objectives
- use within organizations as a way to ensure that security risks are cost effectively managed
- use within organizations to ensure compliance with laws and regulations
- use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met
- definition of new information security management processes
- identification and clarification of existing information security management processes
- use by the management of organizations to determine the status of information security management activities
- use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization
- use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons
- implementation of business-enabling information security
- use by organizations to provide relevant information about information security to customers
Source: http://www.iso.org
6
This research tries to answer the following question:
Why is the distribution of ISO27001 holders different among the countries that hold the standard?
7
To use or not to use
8
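The Number of ISO27001 Holders

| Country | Holders |
|---|---|
| USA | 77 |
| UK | 368 |
| Germany | 108 |
| Australia | 28 |
| Japan | 2779 |
| India | 426 |
| China | 161 |
| Brazil | 20 |
| Czech | 66 |
| Vietnam | 3 |
| Bulgaria | 2 |
| Canada | 3 |
| Korea | 58 |
| Turkey | 15 |
| New Zealand | 1 |
| Mexico | 8 |
| Russia | 10 |
| Malaysia | 26 |
| Spain | 25 |
| UAE | 15 |
| Bangladesh | 1 |
| South Africa | 5 |
| Sri Lanka | 4 |
| Morocco | 2 |
| Iceland | 11 |
| Taiwan | 183 |
| Sweden | 7 |
| Chile | 3 |
| Italy | 54 |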
9
[Diagram: ISO27001 Certification. Labels: Population; Total Number of Companies; Export; Import; Technology; Rate of IT Crimes; Social Factors; Laws and Regulations; Politics; Geography; Compliance with Rules; Establishing ISMS]
10
What?
- What International Standardization Organizations state about the benefits of the standard
- What companies state about ISO27001 Implementation
- Factors that affect number of ISO27001 holders:
  - Population
  - Total Number of Companies
  - Volume of Trade-Import and Export
11
Where?
ISO27001: Switzerland, Germany, UK, Austria
Number of ISO27001 Holders: 25, 108, 368, 5
13
| | UK | Germany | Austria | Switzerland | SUM |
|---|---|---|---|---|---|
| Registration (O) | 366.00 | 110.00 | 24.00 | 5.00 | 505.00 |
| Registration (E) | 193.10 | 261.82 | 26.04 | 24.00 | 505.00 |
| Population | 60,776,238.00 | 82,400,996.00 | 8,199,783.00 | 7,554,661.00 | 158,931,678.00 |

| | Number of Registrations | Population | Total |
|---|---|---|---|
| 1 | 366 | 60776238 | 60776604 |
| | 193.11 | 60776410.89 | |
| | 154.774 | 0.000 | |
| 2 | 110 | 82400996 | 82401106 |
| | 261.83 | 82400844.17 | |
| | 88.040 | 0.000 | |
| 3 | 24 | 8199783 | 8199807 |
| | 26.05 | 8199780.95 | |
| | 0.162 | 0.000 | |
| 4 | 5 | 7554661 | 7554666 |
| | 24.00 | 7554642.00 | |
| | 15.046 | 0.000 | |
| Total | 505 | 158931678 | 158932183 |

Chi-Sq = 258.023, DF = 3, P-Value = 0.000
14
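| | UK | Germany | Austria | Switzerland | SUM |
|---|---|---|---|---|---|
| Registration (O) | 366.00 | 110.00 | 24.00 | 5.00 | 505.00 |
| Registration (E) | 188.41 | 272.38 | 15.11 | 29.00 | 505.00 |
| Company | 2,016,700.00 | 2,915,482.00 | 161,732.00 | 311,324.00 | 5,405,238.00 |

| | Number of Registrations | Companies | Total |
|---|---|---|---|
| 1 | 366 | 2016334 | 2016700 |
| | 188.42 | 2016511.58 | |
| | 167.375 | 0.016 | |
| 2 | 110 | 2915372 | 2915482 |
| | 272.39 | 2915209.61 | |
| | 96.809 | 0.009 | |
| 3 | 24 | 161708 | 161732 |
| | 15.11 | 161716.89 | |
| | 5.230 | 0.000 | |
| 4 | 5 | 311319 | 311324 |
| | 29.09 | 311294.91 | |
| | 19.946 | 0.002 | |
| Total | 505 | 5404733 | 5405238 |

Chi-Sq = 289.387, DF = 3, P-Value = 0.000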
15
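| | UK | Germany | Austria | Switzerland | SUM |
|---|---|---|---|---|---|
| Registration (O) | 366.00 | 110.00 | 24.00 | 5.00 | 505.00 |
| Registration (E) | 118.69 | 310.58 | 35.34 | 40.37 | 505.00 |
| Export | 348,430.00 | 911,742.00 | 103,742.00 | 118,527.00 | 1,482,441.00 |

| | Number of Registrations | Companies | Total |
|---|---|---|---|
| 1 | 366 | 2016334 | 2016700 |
| | 188.42 | 2016511.58 | |
| | 167.375 | 0.016 | |
| 2 | 110 | 2915372 | 2915482 |
| | 272.39 | 2915209.61 | |
| | 96.809 | 0.009 | |
| 3 | 24 | 161708 | 161732 |
| | 15.11 | 161716.89 | |
| | 5.230 | 0.000 | |
| 4 | 5 | 311319 | 311324 |
| | 29.09 | 311294.91 | |
| | 19.946 | 0.002 | |
| Total | 505 | 5404733 | 5405238 |

Chi-Sq = 289.387, DF = 3, P-Value = 0.000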
16
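| | UK | Germany | Austria | Switzerland | SUM |
|---|---|---|---|---|---|
| Registration (O) | 366.00 | 110.00 | 24.00 | 5.00 | 505.00 |
| Registration (E) | 166.87 | 259.00 | 37.81 | 40.39 | 505.00 |
| Import | 461,076.00 | 718,150.00 | 104,489.00 | 111,603.00 | 1,395,318.00 |

| | Number of Registrations | Population | Total |
|---|---|---|---|
| 1 | 366 | 461076 | 461442 |
| | 166.95 | 461275.05 | |
| | 237.334 | 0.086 | |
| 2 | 110 | 718150 | 718260 |
| | 259.86 | 718000.14 | |
| | 86.425 | 0.031 | |
| 3 | 24 | 104489 | 104513 |
| | 37.81 | 104475.19 | |
| | 5.045 | 0.002 | |
| 4 | 5 | 111603 | 111608 |
| | 40.38 | 111567.62 | |
| | 30.998 | 0.011 | |
| Total | 505 | 1395318 | 1395823 |

Chi-Sq = 359.933, DF = 3, P-Value = 0.000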
17
Factors that may not contribute to the discrepancy:
- Total number of companies
- Population
- Volume of trade

Factors that may contribute to the discrepancy:
- Nature of activities of companies?
- Social factors?
- Government regulations and policies?
- Technology?
- Crime and Hacking?
- Other factors?
18
THE END