Benefits and Challenges in Information Security Certification – A Systematic Literature Review

Mike Hulshof; Maya Daneva

doi:10.1007/978-3-030-79976-2_9

Benefits and Challenges in Information Security Certification – A Systematic Literature Review

Mike Hulshof
, Maya Daneva^*

^*Corresponding author for this work

Semantics, Cybersecurity & Services

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

5 Citations (Scopus)

147 Downloads (Pure)

Abstract

Information security certification (ISC) gets increasingly more complex. Although certain benefits, challenges and success factors have been recognized by both scholars and practitioners in the field, little has been done to consolidate the published knowledge. This systematic literature review attempts to consolidate what is currently known on the benefits of ISC, the issues and the challenges to certification, and the success factors that organizations consider while embarking on this process. Following the guidelines of Kitchenham et al., and Kuhrmann et al., we examined 42 papers that are relevant to our area of interest. We identified 12 benefits, 15 challenges, and 8 success factors. Our most important conclusion is that the current certification process is complex and suboptimal; it is expensive and it depends on the auditor’s skills. Finally, we evaluated validity threats and derived some implications for practice and for research.

Original language	English
Title of host publication	Business Modeling and Software Design
Subtitle of host publication	11th International Symposium, BMSD 2021, Sofia, Bulgaria, July 5–7, 2021, Proceedings
Editors	Boris Shishkov
Place of Publication	Cham
Publisher	Springer
Pages	154-169
Number of pages	16
ISBN (Electronic)	978-3-030-79976-2
ISBN (Print)	978-3-030-79975-5
DOIs	https://doi.org/10.1007/978-3-030-79976-2_9
Publication status	Published - 2021
Event	11th International Symposium on Business Modeling and Software Design, BMSD 2021 - Sofia, Bulgaria Duration: 5 Jul 2021 → 7 Jul 2021 Conference number: 11

Publication series

Name	Lecture Notes in Business Information Processing
Publisher	Springer
Volume	422
ISSN (Print)	1865-1348
ISSN (Electronic)	1865-1356

Conference

Conference	11th International Symposium on Business Modeling and Software Design, BMSD 2021
Abbreviated title	BMSD
Country/Territory	Bulgaria
City	Sofia
Period	5/07/21 → 7/07/21

Keywords

Information security auditing practice
Security accreditation
Security certification
Systematic literature review
2024 OA procedure

Access to Document

10.1007/978-3-030-79976-2_9

ArticleFinal published version, 1.06 MBLicence: Taverne

Cite this

Hulshof, M., & Daneva, M. (2021). Benefits and Challenges in Information Security Certification – A Systematic Literature Review. In B. Shishkov (Ed.), Business Modeling and Software Design: 11th International Symposium, BMSD 2021, Sofia, Bulgaria, July 5–7, 2021, Proceedings (pp. 154-169). (Lecture Notes in Business Information Processing; Vol. 422). Springer. https://doi.org/10.1007/978-3-030-79976-2_9

Hulshof, Mike ; Daneva, Maya. / Benefits and Challenges in Information Security Certification – A Systematic Literature Review. Business Modeling and Software Design: 11th International Symposium, BMSD 2021, Sofia, Bulgaria, July 5–7, 2021, Proceedings. editor / Boris Shishkov. Cham : Springer, 2021. pp. 154-169 (Lecture Notes in Business Information Processing).

@inproceedings{81b373a1758840289a171cff92f3adf8,

title = "Benefits and Challenges in Information Security Certification – A Systematic Literature Review",

abstract = "Information security certification (ISC) gets increasingly more complex. Although certain benefits, challenges and success factors have been recognized by both scholars and practitioners in the field, little has been done to consolidate the published knowledge. This systematic literature review attempts to consolidate what is currently known on the benefits of ISC, the issues and the challenges to certification, and the success factors that organizations consider while embarking on this process. Following the guidelines of Kitchenham et al., and Kuhrmann et al., we examined 42 papers that are relevant to our area of interest. We identified 12 benefits, 15 challenges, and 8 success factors. Our most important conclusion is that the current certification process is complex and suboptimal; it is expensive and it depends on the auditor{\textquoteright}s skills. Finally, we evaluated validity threats and derived some implications for practice and for research.",

keywords = "Information security auditing practice, Security accreditation, Security certification, Systematic literature review, 2024 OA procedure",

author = "Mike Hulshof and Maya Daneva",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 11th International Symposium on Business Modeling and Software Design, BMSD 2021, BMSD ; Conference date: 05-07-2021 Through 07-07-2021",

year = "2021",

doi = "10.1007/978-3-030-79976-2\_9",

language = "English",

isbn = "978-3-030-79975-5",

series = "Lecture Notes in Business Information Processing",

publisher = "Springer",

pages = "154--169",

editor = "Boris Shishkov",

booktitle = "Business Modeling and Software Design",

address = "Germany",

}

Hulshof, M & Daneva, M 2021, Benefits and Challenges in Information Security Certification – A Systematic Literature Review. in B Shishkov (ed.), Business Modeling and Software Design: 11th International Symposium, BMSD 2021, Sofia, Bulgaria, July 5–7, 2021, Proceedings. Lecture Notes in Business Information Processing, vol. 422, Springer, Cham, pp. 154-169, 11th International Symposium on Business Modeling and Software Design, BMSD 2021, Sofia, Bulgaria, 5/07/21. https://doi.org/10.1007/978-3-030-79976-2_9

Benefits and Challenges in Information Security Certification – A Systematic Literature Review. / Hulshof, Mike; Daneva, Maya.
Business Modeling and Software Design: 11th International Symposium, BMSD 2021, Sofia, Bulgaria, July 5–7, 2021, Proceedings. ed. / Boris Shishkov. Cham: Springer, 2021. p. 154-169 (Lecture Notes in Business Information Processing; Vol. 422).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Benefits and Challenges in Information Security Certification – A Systematic Literature Review

AU - Hulshof, Mike

AU - Daneva, Maya

N1 - Conference code: 11

PY - 2021

Y1 - 2021

N2 - Information security certification (ISC) gets increasingly more complex. Although certain benefits, challenges and success factors have been recognized by both scholars and practitioners in the field, little has been done to consolidate the published knowledge. This systematic literature review attempts to consolidate what is currently known on the benefits of ISC, the issues and the challenges to certification, and the success factors that organizations consider while embarking on this process. Following the guidelines of Kitchenham et al., and Kuhrmann et al., we examined 42 papers that are relevant to our area of interest. We identified 12 benefits, 15 challenges, and 8 success factors. Our most important conclusion is that the current certification process is complex and suboptimal; it is expensive and it depends on the auditor’s skills. Finally, we evaluated validity threats and derived some implications for practice and for research.

AB - Information security certification (ISC) gets increasingly more complex. Although certain benefits, challenges and success factors have been recognized by both scholars and practitioners in the field, little has been done to consolidate the published knowledge. This systematic literature review attempts to consolidate what is currently known on the benefits of ISC, the issues and the challenges to certification, and the success factors that organizations consider while embarking on this process. Following the guidelines of Kitchenham et al., and Kuhrmann et al., we examined 42 papers that are relevant to our area of interest. We identified 12 benefits, 15 challenges, and 8 success factors. Our most important conclusion is that the current certification process is complex and suboptimal; it is expensive and it depends on the auditor’s skills. Finally, we evaluated validity threats and derived some implications for practice and for research.

KW - Information security auditing practice

KW - Security accreditation

KW - Security certification

KW - Systematic literature review

KW - 2024 OA procedure

UR - https://www.scopus.com/pages/publications/85117770221

U2 - 10.1007/978-3-030-79976-2_9

DO - 10.1007/978-3-030-79976-2_9

M3 - Conference contribution

AN - SCOPUS:85117770221

SN - 978-3-030-79975-5

T3 - Lecture Notes in Business Information Processing

SP - 154

EP - 169

BT - Business Modeling and Software Design

A2 - Shishkov, Boris

PB - Springer

CY - Cham

T2 - 11th International Symposium on Business Modeling and Software Design, BMSD 2021

Y2 - 5 July 2021 through 7 July 2021

ER -

Hulshof M, Daneva M. Benefits and Challenges in Information Security Certification – A Systematic Literature Review. In Shishkov B, editor, Business Modeling and Software Design: 11th International Symposium, BMSD 2021, Sofia, Bulgaria, July 5–7, 2021, Proceedings. Cham: Springer. 2021. p. 154-169. (Lecture Notes in Business Information Processing). doi: 10.1007/978-3-030-79976-2_9

Benefits and Challenges in Information Security Certification – A Systematic Literature Review

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this