
Will the Certification System for Information Security Management Help to Improve Organizations’ Information Security Performance? The Case of K-ISMS

Affiliations

  • Department of Electrical and Computer Engineering, Chungbuk National University, 1 Chungdae-ro, Seowon-gu, Cheongju, Chungbuk - 28644, Korea, Republic of
  • Department of Information Security Management, Chungbuk National University, 1 Chungdae-ro, Seowon-gu, Cheongju, Chungbuk - 28644, Korea, Republic of

Abstract


Background/Objectives: Recognizing the importance of systematic security management in organizations, the government of South Korea introduced the Information Security Management System (ISMS) certification.

Methods/Statistical Analysis: In this study, drawing on prior studies of the goals and evaluation items of ISMS certification, we developed a model to measure the performance of ISMS certification using the SERVQUAL models, which are service evaluation models. We also surveyed organizations that have acquired the certification in order to validate the model and to suggest ways to develop ISMS certification.

Findings: Based on prior research, we found that investment in and concern for security can influence organizational security performance, and we developed survey items for measuring the performance gained by acquiring ISMS certification. We conducted surveys of organizations that required ISMS certification and tried to identify factors that can be recognized as performance of ISMS certification. The results showed that the factors influencing security performance are responsiveness and specialty.

Application/Improvements: We hope that future systematic empirical research will improve the satisfaction and effectiveness of ISMS-certified companies, increase the number of certified companies, and enhance the overall security level.

Keywords

Information Security Management System, ISMS Certification, Information Security Performance, Service Quality, SERVQUAL.




Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.