Juhani Anttila
Venture Knowledgist Quality Integration
Helsinki, Finland




Business leaders shall have the responsibility to cope with all managerial branches of knowledge, “disciplines”, required in their business and used within their organization’s business processes. These disciplines are handled in various international management system standards for directing and guiding the development of organizational practices. In this paper we consider those disciplines and their business integration in a multifaceted organizational environment both from their philosophical foundation and from the practical viewpoints.

Information security management is one of the disciplines that has become significant or even crucial for the most organizations of business and social communities. The ISO/IEC 27001 standard specifies general requirements for it. In this paper, the authors take a stance on this standard and reveal problems from the standards’ user’s point of view, and present experienced solutions that can be applied for the needs of any kind of organization.

This paper provides a comprehensive insight with many different and practically relevant viewpoints into applying the ISO/IEC 27001 standard creatively, and integrates the standard with other managerial disciplines and the management processes of an organization. This is a new approach differing from traditional isolated and strictly formalized implementations of the information security management systems. Also the harmonization of the different management system standards is a new effort in standardization.

Challenges of the modern business environments are discussed. Information security management is considered from the viewpoint of an organization’s overall business performance, and in this context a practical focus is on evaluations and systemic performance transformations. Business leaders’ crucial role is justified, and management situations are analyzed and new attitudes proposed.

The research approach of this paper is business pragmatism combined with relevant academic studies based on the authors’ long term experience as business and standardization practitioners, and academic researchers.

[This text was prepared together with Kari Jussila, Jorma Kajava, and Ilkka Kamaja, and presented at the ARES conference in Prague, Czech Republic in 2012]