Proceedings of International Conference on Applied Innovation in IT  ·  2026/04/22  ·  Vol. 14  ·  Issue 2  ·  pp. 451–458
IT Standardization in the Area of Information Security with a Focus on ISO/IEC 27001
Lazar Krstić and Marija Krstić
Due to the intensive use of information technologies, the protection and security of information have become a key challenge and imperative in the business environment. Threats to information security are constantly growing, and more and more organizations recognize that poor information security can be "expensive", regardless of whether their own or their customers' confidential data is at risk. In response, various standards and guidelines for information security have been developed. This paper focuses on the ISO/IEC 27000 family of standards for information security management, and more precisely on ISO/IEC 27001, the best-known information security standard and the fourth most widespread ISO standard. The paper has two aims. The first is to analyze the current state of standardization in the field of information protection and security through an analysis of available sources of knowledge, and to point out the importance of applying the ISO/IEC 27000 family of standards in practice. The second is to use statistical analysis, specifically an appropriate T-test, to examine whether the price of ISO/IEC 27001, the most popular and in practice the most widely applied standard of the ISO/IEC 27000 family, differs statistically significantly from the price of the other published standards in that family.
Keywords: Standard, Information Security, ISO/IEC 27000, ISO/IEC 27001, T-test.
© 2026 ICAIIT · Anhalt University of Applied Sciences ISSN 2198-8005 (online)

Proceedings of the International Conference on Applied Innovations in IT by Anhalt University of Applied Sciences is licensed under CC BY-SA 4.0  ·  This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License