A REVIEW OF ISMS APPROACHES OF VARIOUS ORGANIZATIONS WITH ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATE IN TURKEY

Abstract

In today’s world, information is a valuable and indispensable asset for individuals and especially institutions as much as other economic assets. While the development of technology and communication provides many conveniences in life, it also brings many risks and threats. As a result of these emerging risks and threats, the concept of information security has gained serious importance; it’s inevitable for businesses, institutions and states to turn to the most appropriate information security solutions in order to store, protect and manage the information they have. Organizations are trying to comply with the standards and legal regulations such as ITIL, COBIT, and ISO 27001, which are most suitable for their strategies, goals, needs, and processes.

Within the scope of this research, as a bounded universe; with the convenience sampling method, 20 organizations operating in metropolitan cities in Turkey that have ISO 27001 information security management system certificates were selected, and a study sample was created with 632 personnel working in these organizations, and the data obtained through the questionnaire were analyzed with the descriptive analysis method. In this way, it’s aimed to analyze the opinions about the ISO 27001 standard and ISMS applied in these organizations.