Paper Number

1380

Paper Type

teaching

Description

CyberApp, a small cybersecurity startup, is about to finalize a contract with a strategic new partner – but only if they can convince the customer’s auditors that their own security is up to standard. Noticing how laborious and time-consuming the process seems, CyberApp needs a way to avoid going through the same process with every potential new customer. The solution – get certified against a recognized information security management (ISM) standard to get third-party accreditation. However, are they not too small to comply with a standard that is geared toward larger organizations? This real-life teaching case addresses the importance of ISM standardization and the challenges an organization may face in the process. The students will learn how to implement an ISM standard and how to adapt the generic standard requirements to a specific context, which requires creativity and innovation. The case can also be used in courses dealing with organizational compliance in general.

Comments

03-Learning

Dec 15th, 12:00 AM

Too Small to Comply? Information Security Management Standardization of a Cybersecurity Startup
