Paper Number
1380
Paper Type
teaching
Description
CyberApp, a small cybersecurity startup, is about to finalize a contract with a strategic new partner – but only if they can convince the customer’s auditors that their own security is up to standard. Noticing how laborious and time-consuming the process seems, CyberApp needs a way to avoid going through the same process with every potential new customer. The solution – get certified against a recognized information security management (ISM) standard to get third-party accreditation. However, are they not too small to comply with a standard that is geared toward larger organizations? This real-life teaching case addresses the importance of ISM standardization and the challenges an organization may face in the process. The students will learn how to implement an ISM standard and how to adapt the generic standard requirements to a specific context, which requires creativity and innovation. The case can also be used in courses dealing with organizational compliance in general.
Recommended Citation
Niemimaa, Elina; Niemimaa, Marko; and Järveläinen, Jonna, "Too Small to Comply? Information Security Management Standardization of a Cybersecurity Startup" (2024). ICIS 2024 Proceedings. 15.
https://aisel.aisnet.org/icis2024/learnandiscurricula/learnandiscurricula/15
Too Small to Comply? Information Security Management Standardization of a Cybersecurity Startup
Comments
03-Learning