{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T04:08:53Z","timestamp":1774066133911,"version":"3.50.1"},"reference-count":72,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2023,8,21]],"date-time":"2023-08-21T00:00:00Z","timestamp":1692576000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,8,21]],"date-time":"2023-08-21T00:00:00Z","timestamp":1692576000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100003509","name":"\u00d6rebro University","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100003509","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst E-Bus Manage"],"published-print":{"date-parts":[[2023,9]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Organizations use the ISO\/IEC 27001 standard to establish an information security management system (ISMS). This standard outlines specific security measures and requirements that organizations can implement to effectively manage their information assets. However, the effectiveness of the standard\u2019s problem-solving capabilities has raised some questions. Consequently, there is a continuous development of new governance methods that demand fresh approaches to validate security operations and measures. In light of this, research is being conducted to examine the application and impact of ISO\/IEC 27001, as well as to analyze the challenges and knowledge gaps through theoretical perspectives. By employing stakeholder theory, the focus shifts towards integrating business and social issues and exploring how non-business pressures can influence stakeholder motivations in implementing standards. Additionally, it investigates the impact of these standards on an organization\u2019s reputation, performance, and operations. Therefore, the objective of this study is to investigate the output legitimacy of ISO\/IEC 27001 from the perspective of stakeholder expectations. To accomplish this, an interview-based study was conducted, involving relevant stakeholders engaged in information security management within private organizations in Sweden. The findings reveal eight key information security objectives. The results indicate that the level of output legitimacy of the standard varies across these objectives, ranging from high to medium to low. To achieve a high level of output legitimacy for ISO\/IEC 27001, stakeholders must understand that the standard is not solely a technical document. Furthermore, stakeholders need to possess the appropriate knowledge and skills in information security to effectively navigate their work while leveraging the support provided by the standard.<\/jats:p>","DOI":"10.1007\/s10257-023-00646-y","type":"journal-article","created":{"date-parts":[[2023,8,21]],"date-time":"2023-08-21T06:02:37Z","timestamp":1692597757000},"page":"699-722","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["Information security objectives and the output legitimacy of ISO\/IEC 27001: stakeholders\u2019 perspective on expectations in private organizations in Sweden"],"prefix":"10.1007","volume":"21","author":[{"given":"Yasmin","family":"Kamil","sequence":"first","affiliation":[]},{"given":"Sofia","family":"Lund","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7907-6037","authenticated-orcid":false,"given":"M Sirajul","family":"Islam","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,8,21]]},"reference":[{"key":"646_CR1","doi-asserted-by":"crossref","unstructured":"Aginsa A, Edward IYM, Shalannanda W (2016), August Enhanced information security management system framework design using ISO 27001 and zachman framework-A study case of XYZ company. In 2016 2nd International Conference on Wireless and Telematics (ICWT) (pp.\u00a062\u201366). IEEE","DOI":"10.1109\/ICWT.2016.7870853"},{"issue":"7","key":"646_CR2","first-page":"29","volume":"158","author":"S Al-Dhahri","year":"2017","unstructured":"Al-Dhahri S, Al-Sarti M, Abdul A (2017) Information security management system. Int J Comput Appl 158(7):29\u201333","journal-title":"Int J Comput Appl"},{"key":"646_CR74","doi-asserted-by":"crossref","unstructured":"Aldya AP, Sutikno S, Rosmansyah Y (2019) Measuring effectiveness of control of information security management system based on SNI ISO\/IEC 27004: 2013 standard. In: IOP conference, materials science and engineering 550:1\u201311","DOI":"10.1088\/1757-899X\/550\/1\/012020"},{"key":"646_CR3","doi-asserted-by":"crossref","unstructured":"Alebrahim A, Hatebur D, Goeke L (2014), August Pattern-based and ISO 27001 compliant risk analysis for cloud systems. In 2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE) (pp.\u00a042\u201347). IEEE","DOI":"10.1109\/ESPRE.2014.6890527"},{"issue":"2","key":"646_CR4","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1515\/dim-2017-0006","volume":"1","author":"A AlKalbani","year":"2017","unstructured":"AlKalbani A, Deng H, Kam B, Zhang X (2017) Information Security compliance in organizations: an institutional perspective. Data Info Manage 1(2):104\u2013114","journal-title":"Data and Information Management"},{"key":"646_CR6","doi-asserted-by":"publisher","first-page":"102035","DOI":"10.1016\/j.cose.2020.102035","volume":"99","author":"A Andersson","year":"2020","unstructured":"Andersson A, Karlsson F, Hedstr\u00f6m K (2020) Consensus versus warfare\u2013unveiling discourses in de jure information security standard development. computers & security 99:102035","journal-title":"computers & security"},{"issue":"3","key":"646_CR5","doi-asserted-by":"publisher","first-page":"103623","DOI":"10.1016\/j.im.2022.103623","volume":"59","author":"A Andersson","year":"2022","unstructured":"Andersson A, Hedstr\u00f6m K, Karlsson F (2022) Standardizing information security\u2013a structurational analysis. Inf Manag 59(3):103623","journal-title":"Inf Manag"},{"key":"646_CR7","doi-asserted-by":"crossref","unstructured":"Backhouse J, Hsu CW, Silva L (2006) Circuits of power in creating de jure standards: shaping an international information systems security standard. MIS Q, 413\u2013438","DOI":"10.2307\/25148767"},{"issue":"5","key":"646_CR8","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1002\/eet.425","volume":"16","author":"K B\u00e4ckstrand","year":"2006","unstructured":"B\u00e4ckstrand K (2006) Multi-stakeholder partnerships for sustainable development: rethinking legitimacy, accountability and effectiveness. Eur Environ 16(5):290\u2013306","journal-title":"Eur Environ"},{"key":"646_CR9","unstructured":"Bakker A (2018) OSSUM: a framework for determining the quality of Information Security Assessment Methodologies. Master\u2019s study, University of Twente)"},{"key":"646_CR11","doi-asserted-by":"crossref","unstructured":"Beckers K, Fa\u00dfbender S, Heisel M, K\u00fcster JC, Schmidt H (2012a) February Supporting the development and documentation of ISO 27001 information security management systems through security requirements engineering approaches. In: International symposium on engineering secure software and systems. Springer, Berlin, Heidelberg, p 14\u201321","DOI":"10.1007\/978-3-642-28166-2_2"},{"key":"646_CR10","doi-asserted-by":"crossref","unstructured":"Beckers, Fassbender S, Heisel M, Schmidt H (2012b) Using security requirements engineering approaches to support ISO 27001 information security management systems development and documentation. In: 2012 seventh international conference on availability, reliability and security, p. 242\u2013248","DOI":"10.1109\/ARES.2012.35"},{"issue":"5\u20136","key":"646_CR13","doi-asserted-by":"publisher","first-page":"737","DOI":"10.1177\/0170840612443626","volume":"33","author":"S Botzem","year":"2012","unstructured":"Botzem S, Dobusch L (2012) Standardization cycles: a process perspective on the formation and diffusion of transnational standards. Organ Stud 33(5\u20136):737\u2013762","journal-title":"Organ Stud"},{"issue":"3","key":"646_CR14","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1093\/heapol\/15.3.239","volume":"15","author":"R Brugha","year":"2000","unstructured":"Brugha R, Varvasovszky Z (2000) Stakeholder analysis: a review. Health Policy Plann 15(3):239\u2013246","journal-title":"Health Policy Plann"},{"key":"646_CR76","unstructured":"Bryman A (2016) Social research methods, 5th edn. Oxford, p 373\u2013374."},{"key":"646_CR15","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1016\/j.jclepro.2012.12.034","volume":"47","author":"P Castka","year":"2013","unstructured":"Castka P, Prajogo D (2013) The effect of pressure from secondary stakeholders on the internalization of ISO 14001. J Clean Prod 47:245\u2013252","journal-title":"J Clean Prod"},{"issue":"3","key":"646_CR17","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1080\/23745118.2018.1430722","volume":"19","author":"G Christou","year":"2018","unstructured":"Christou G (2018) The challenges of cybercrime governance in the European Union. Eur Politics Soc 19(3):355\u2013375","journal-title":"Eur Politics Soc"},{"issue":"7","key":"646_CR18","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1108\/TQM-09-2020-0202","volume":"33","author":"G Culot","year":"2021","unstructured":"Culot G, Nassimbeni G, Podrecca M, Sartor M (2021) The ISO\/IEC 27001 information security management standard: literature review and theory-based research agenda. TQM J 33(7):76\u2013105","journal-title":"TQM J"},{"key":"646_CR73","doi-asserted-by":"crossref","unstructured":"De la Plaza Esteban IJ, Visseren-Hamakers W, de Jong (2014) The legitimacy of certification standards in climate change governance. Sustain Develop 22:420\u2013432","DOI":"10.1002\/sd.1568"},{"key":"646_CR19","doi-asserted-by":"publisher","first-page":"170","DOI":"10.1007\/978-3-030-64330-0_11","volume-title":"Computer Security","author":"V Diamantopoulou","year":"2020","unstructured":"Diamantopoulou V, Kalloniatis C, Lyvas C, Maliatsos K, Gay M, Kanatas A, Lambrinoudakis C (2020) Aligning the concepts of risk, security and privacy towards the design of secure intelligent transport systems. Computer Security. Springer, Cham, pp 170\u2013184"},{"key":"646_CR20","doi-asserted-by":"crossref","unstructured":"Disterer G (2013) ISO\/IEC 27000, 27001 and 27002 for information security management","DOI":"10.4236\/jis.2013.42011"},{"key":"646_CR21","first-page":"1","volume":"12","author":"P Douvreleur","year":"2019","unstructured":"Douvreleur P (2019) Challenges faced by legal counsels in Big Data and Cybersecurity Activity. Int\u2019l In-House Counsel J 12:1","journal-title":"Int\u2019l In-House Counsel J"},{"issue":"1","key":"646_CR23","doi-asserted-by":"publisher","first-page":"25","DOI":"10.5465\/amj.2007.24160888","volume":"50","author":"KM Eisenhardt","year":"2007","unstructured":"Eisenhardt KM, Graebner ME (2007) Theory building from cases: Opportunities and challenges. Acad Manag J 50(1):25\u201332","journal-title":"Acad Manag J"},{"issue":"2","key":"646_CR22","first-page":"213","volume":"48","author":"OA Fonseca-Herrera","year":"2021","unstructured":"Fonseca-Herrera OA, Rojas AE, Florez H (2021) A model of an information security management system based on NTC-ISO\/IEC 27001 standard. IAENG Int J Comput Sci 48(2):213\u2013222","journal-title":"IAENG Int J Comput Sci"},{"key":"646_CR24","volume-title":"Strategic management: a stakeholder approach","author":"RE Freeman","year":"1984","unstructured":"Freeman RE (1984) Strategic management: a stakeholder approach. Pitman, Boston, MA"},{"key":"646_CR25","doi-asserted-by":"crossref","unstructured":"Gao Y (2021), August A Promising Application Prospect of Blockchain in Banking Industry from the Perspective of Stakeholder Theory. In 1st International Symposium on Innovative Management and Economics (ISIME 2021) (pp.\u00a0161\u2013165). Atlantis Press","DOI":"10.2991\/aebmr.k.210803.023"},{"key":"646_CR26","doi-asserted-by":"crossref","unstructured":"Hamdi Z, Norman AA, Molok NNA, Hassandoust F (2019), December A Comparative Review of ISMS Implementation Based on ISO 27000 Series in Organizations of Different Business Sectors. In Journal of Physics: Conference Series (Vol.\u00a01339, No. 1, p.\u00a0012103). IOP Publishing","DOI":"10.1088\/1742-6596\/1339\/1\/012103"},{"key":"646_CR27","unstructured":"Heron J (2018) ISO 27001:2013 and ISO 27001:2017 what\u2019s the difference? ISMS.online. https:\/\/www.isms.online\/iso-27001\/iso-27001-2013-iso-27001-2017-whats-the-difference\/"},{"key":"646_CR28","doi-asserted-by":"crossref","unstructured":"Hyde KF (2000) Recognising deductive processes in qualitative research. Qualitative market research: An international journal","DOI":"10.1108\/13522750010322089"},{"key":"646_CR29","unstructured":"ISO (n.d.) (2022) -03-23 from https:\/\/www.iso.org\/standards.html"},{"issue":"4","key":"646_CR30","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MSP.2012.29","volume":"10","author":"J Kallberg","year":"2012","unstructured":"Kallberg J (2012) The common criteria meets realpolitik: Trust, alliances, and potential betrayal. IEEE Secur Priv 10(4):50\u201353","journal-title":"IEEE Secur Priv"},{"key":"646_CR72","unstructured":"Kica E, Bowman DM (2012) Regulation by means of standardization: key legitimacy issues of health and safety nanotechnology standards. Jurimetrics 53(1):11\u201356"},{"issue":"2","key":"646_CR31","first-page":"1","volume":"4","author":"IM Lopes","year":"2019","unstructured":"Lopes IM, Guarda T, Oliveira P (2019) Implementation of ISO 27001 standards as GDPR compliance facilitator. J Inform Syst Eng Manage 4(2):1\u20138","journal-title":"J Inform Syst Eng Manage"},{"key":"646_CR32","doi-asserted-by":"crossref","unstructured":"Mansell SF (2013) Capitalism, corporations and the social contract: a critique of stakeholder theory. Cambridge University Press","DOI":"10.1017\/CBO9781139058926"},{"key":"646_CR33","unstructured":"Mayntz R (2010) Legitimacy and compliance in transnational governance. Working Paper 10\/5. Cologne: Max Planck Institute for the Study of Societies"},{"issue":"3","key":"646_CR34","doi-asserted-by":"publisher","first-page":"527","DOI":"10.5840\/beq201222333","volume":"22","author":"S Mena","year":"2012","unstructured":"Mena S, Palazzo G (2012) Input and output legitimacy of multi-stakeholder initiatives. Bus Ethics Q 22(3):527\u2013556","journal-title":"Bus Ethics Q"},{"issue":"4","key":"646_CR35","doi-asserted-by":"publisher","first-page":"853","DOI":"10.2307\/259247","volume":"22","author":"R Mitchell","year":"1997","unstructured":"Mitchell R, Agle B, Wood D (1997) Toward a theory of stakeholder identification and salience: defining the principle of who and what really counts. Acad Manage Rev 22(4):853\u2013858","journal-title":"Acad Manage Rev"},{"key":"646_CR36","doi-asserted-by":"crossref","unstructured":"Myers MD, Avison D (eds) (2002) Qualitative research in information systems: a reader. Sage","DOI":"10.4135\/9781849209687"},{"key":"646_CR37","doi-asserted-by":"crossref","unstructured":"Nancylia M, Mudjtabar EK, Sutikno S, Rosmansyah Y (2014, October) The measurement design of information security management system. In: 2014 8th international conference on telecommunication systems services and applications (TSSA). IEEE, p\u00a01\u20135","DOI":"10.1109\/TSSA.2014.7065914"},{"key":"646_CR71","unstructured":"Niemimaa E (2016) Crafting an information security policy: insights from an ethnographic study. In: The 37th international conference on information systems (ICIS 2016)"},{"issue":"3","key":"646_CR40","doi-asserted-by":"crossref","first-page":"1017","DOI":"10.18421\/TEM83-46","volume":"8","author":"D Orozova","year":"2019","unstructured":"Orozova D, Kaloyanova K, Todorova M (2019) Introducing Information Security Concepts and Standards in Higher Education. TEM J 8(3):1017","journal-title":"TEM J"},{"key":"646_CR41","unstructured":"Piper L (2019) Ledn sys ISO 27001:2017 - att t\u00e4nka p\u00e5 f\u00f6r en certifiering. 4Certifiering. https:\/\/www.4certifiering.se\/index.php\/saekerhet-ledn-sys-iso-27001-2017"},{"key":"646_CR42","doi-asserted-by":"crossref","unstructured":"Proen\u00e7a D, Borbinha J (2018), July Information security management systems-a maturity model based on ISO\/IEC 27001. In International Conference on Business Information Systems (pp.\u00a0102\u2013114). Springer, Cham","DOI":"10.1007\/978-3-319-93931-5_8"},{"issue":"8","key":"646_CR43","first-page":"4","volume":"18","author":"A Rezakhani","year":"2011","unstructured":"Rezakhani A, Hajebi A, Mohammadi N (2011) Standardization of all information security management systems. Int J Comput Appl 18(8):4\u20138","journal-title":"Int J Comput Appl"},{"issue":"2","key":"646_CR44","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/s10551-010-0543-9","volume":"98","author":"AJ Richardson","year":"2011","unstructured":"Richardson AJ, Eberlein B (2011) Legitimating transnational standard-setting: the case of the International Accounting Standards Board. J Bus Ethics 98(2):217\u2013245","journal-title":"J Bus Ethics"},{"issue":"3","key":"646_CR45","doi-asserted-by":"publisher","first-page":"30","DOI":"10.3390\/fi8030030","volume":"8","author":"A Santos-Olmo","year":"2016","unstructured":"Santos-Olmo A, S\u00e1nchez LE, Caballero I, Camacho S, Fernandez-Medina E (2016) The importance of the security culture in SMEs as regards the correct management of the security of their assets. Future Internet 8(3):30","journal-title":"Future Internet"},{"key":"646_CR46","doi-asserted-by":"publisher","DOI":"10.1093\/acprof:oso\/9780198295457.001.0001","volume-title":"Governing in Europe: effective and democratic?","author":"FW Scharpf","year":"1999","unstructured":"Scharpf FW (1999) Governing in Europe: effective and democratic? Oxford University Press, Oxford\/New York"},{"key":"646_CR47","doi-asserted-by":"crossref","unstructured":"Schmidt A (2009), November Conceptualizing Internet security governance. In GigaNet: Global Internet Governance Academic Network, Annual Symposium","DOI":"10.2139\/ssrn.2808775"},{"issue":"1","key":"646_CR48","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1111\/j.1467-9248.2012.00962.x","volume":"61","author":"VA Schmidt","year":"2013","unstructured":"Schmidt VA (2013) Democracy and legitimacy in the European Union revisited: Input, output and \u2018throughput\u2019. Polit Stud 61(1):2\u201322","journal-title":"Polit Stud"},{"key":"646_CR49","unstructured":"Seltsikas P, Soyref M (2013) Information security: a stakeholder network perspective. In ACIS 2013: Information systems: Transforming the Future: Proceedings of the 24th Australasian Conference on Information Systems (pp.\u00a01\u201311). RMIT University"},{"issue":"3","key":"646_CR50","first-page":"42","volume":"9","author":"NK Sharma","year":"2012","unstructured":"Sharma NK, Dash PK (2012) Effectiveness of ISO 27001, as an information security management system: an analytical study of financial aspects. Far East Journal of Psychology and Business 9(3):42\u201355","journal-title":"Far East Journal of Psychology and Business"},{"key":"646_CR51","doi-asserted-by":"crossref","unstructured":"Shojaie B, Federrath H, Saberi I (2014), September Evaluating the effectiveness of ISO 27001: 2013 based on Annex A. In 2014 Ninth International Conference on Availability, Reliability and Security (pp.\u00a0259\u2013264). IEEE","DOI":"10.1109\/ARES.2014.41"},{"key":"646_CR52","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1016\/j.dss.2016.09.014","volume":"92","author":"L Silva","year":"2016","unstructured":"Silva L, Hsu C, Backhouse J, McDonnell A (2016) Resistance and power in a security certification scheme: the case of c: cure. Decis Support Syst 92:68\u201378","journal-title":"Decis Support Syst"},{"issue":"5","key":"646_CR53","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1016\/j.im.2008.12.007","volume":"46","author":"M Siponen","year":"2009","unstructured":"Siponen M, Willison R (2009) Information security management standards: problems and solutions. Inf Manag 46(5):267\u2013270","journal-title":"Inf Manag"},{"key":"646_CR57","doi-asserted-by":"crossref","unstructured":"Susanto H, Almunawar MN (2018) Information security management systems: a novel framework and software as a tool for compliance with information security standards. Apple Academic Press","DOI":"10.1201\/9781315232355"},{"key":"646_CR54","doi-asserted-by":"crossref","unstructured":"Susanto A, Shobariah E (2016), April Assessment of ISMS based on standard ISO\/IEC 27001: 2013 at DISKOMINFO Depok City. In 2016 4th International Conference on Cyber and IT Service Management (pp.\u00a01\u20136). IEEE","DOI":"10.1109\/CITSM.2016.7577471"},{"issue":"5","key":"646_CR55","first-page":"23","volume":"11","author":"H Susanto","year":"2011","unstructured":"Susanto H, Almunawar MN, Tuan YC (2011) Information security management system standards: a comparative study of the big five. Int J Electr Comput Sci IJECSIJENS 11(5):23\u201329","journal-title":"Int J Electr Comput Sci IJECSIJENS"},{"issue":"1","key":"646_CR56","first-page":"67","volume":"2","author":"H Susanto","year":"2012","unstructured":"Susanto H, Almunawar MN, Tuan YC (2012) Information security challenge and breaches: novelty approach on measuring ISO 27001 readiness level. Int J Eng Technol 2(1):67\u201375","journal-title":"Int J Eng Technol"},{"key":"646_CR75","unstructured":"Swedish Civil Contingencies Agency - MSB (2020) Myndigheten f\u00f6r samh\u00e4llsskydd och beredskaps f\u00f6rfattningssamling. F\u00f6reskrifter om informationss?kerhet f\u00f6r statliga myndigheter, MSBFS 2020:6"},{"key":"646_CR58","unstructured":"Swedish Standards Institute (2017) Informationsteknik - S\u00e4kerhetstekniker - Ledningssystem f\u00f6r informationss\u00e4kerhet - Krav (ISO\/IEC 27001:2013 med Cor 1:2014 and Cor 2:2015). Svenska institutet f\u00f6r standarder. https:\/\/www-sis-se.db.ub.oru.se\/produkter\/terminologi-och-dokumentation\/informationsvetenskap-publicering\/dokument-for-administration-handel-och-industri\/ssenisoiec270012017\/"},{"key":"646_CR59","unstructured":"Swedish Standards Institute (2020) Informationsteknik - S\u00e4kerhetstekniker - Ledningssystem f\u00f6r informationss\u00e4kerhet - \u00d6versikt och terminologi (ISO\/IEC 27000:2018). Svenska institutet f\u00f6r standarder. https:\/\/www-sis-se.db.ub.oru.se\/produkter\/terminologi-och-dokumentation\/ordlistor\/informationsteknik-ordlistor\/ss-en-isoiec-2700020202\/"},{"key":"646_CR60","unstructured":"Tanovic A, Butkovic A, Orucevic F, Mastorakis N (2014) The importance of introducing. Information Security Management Systems for Service Providers"},{"issue":"2","key":"646_CR61","first-page":"201","volume":"24","author":"B \u0162ig\u0103noaia","year":"2015","unstructured":"\u0162ig\u0103noaia B (2015) Some aspects regarding the information security management system within organizations\u2013adopting the ISO\/IEC 27001: 2013 standard. Stud Inf Control 24(2):201\u2013210","journal-title":"Stud Inf Control"},{"key":"646_CR62","doi-asserted-by":"crossref","unstructured":"Tjirare DJ, Shava FB (2017), May A gap analysis of the ISO\/IEC 27000 standard implementation in Namibia. In 2017 IST-Africa Week Conference (IST-Africa) (pp.\u00a01\u201310). IEEE","DOI":"10.23919\/ISTAFRICA.2017.8102376"},{"issue":"3","key":"646_CR63","first-page":"128","volume":"3","author":"DC Tofan","year":"2011","unstructured":"Tofan DC (2011) Information security standards. J Mob Embedded Distrib Syst 3(3):128\u2013135","journal-title":"J Mob Embedded Distrib Syst"},{"key":"646_CR64","doi-asserted-by":"crossref","unstructured":"Topa I, Karyda M (2019) From theory to practice: guidelines for enhancing information security management. Information & Computer Security","DOI":"10.1108\/ICS-09-2018-0108"},{"key":"646_CR65","doi-asserted-by":"crossref","unstructured":"Uwizeyemungu S, Poba-Nzaou P (2015), February Understanding information technology security standards diffusion: An institutional perspective. In 2015 International Conference on Information Systems Security and Privacy (ICISSP) (pp.\u00a05\u201316). IEEE","DOI":"10.5220\/0005227200050016"},{"key":"646_CR66","doi-asserted-by":"crossref","unstructured":"Von Solms R (1999) Information security management: why standards are important. Inform Manage Comput Secur.","DOI":"10.1108\/09685229910255223"},{"issue":"10","key":"646_CR67","doi-asserted-by":"publisher","first-page":"1861","DOI":"10.1108\/00251741211279648","volume":"50","author":"E Wagner","year":"2012","unstructured":"Wagner E, Mainardes, Alves H, Raposo M (2012) A model for stakeholder classification and stakeholder relationships. Manag Decis 50(10):1861\u20131879","journal-title":"Manag Decis"},{"issue":"2","key":"646_CR68","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1177\/0007650302041002006","volume":"41","author":"SA Welcomer","year":"2002","unstructured":"Welcomer SA (2002) Firm-stakeholder networks: organizational response to external influence and organizational philosophy. Bus Soc 41(2):251\u2013257","journal-title":"Bus Soc"},{"issue":"1","key":"646_CR69","first-page":"19","volume":"2","author":"R Werle","year":"2006","unstructured":"Werle R, Iversen EJ (2006) Promoting legitimacy in technical standardization. Sci Technol Innov Stud 2(1):19\u201339","journal-title":"Sci Technol Innov Stud"},{"key":"646_CR70","doi-asserted-by":"crossref","unstructured":"Yaokumah W, Brown S (2014) An empirical examination of the relationship between information security\/business strategic alignment and information security governance domain areas. J Law Govern 9(2):51\u201366","DOI":"10.15209\/jbsge.v9i2.718"}],"container-title":["Information Systems and e-Business Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-023-00646-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10257-023-00646-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-023-00646-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,26]],"date-time":"2024-10-26T13:01:09Z","timestamp":1729947669000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10257-023-00646-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,21]]},"references-count":72,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2023,9]]}},"alternative-id":["646"],"URL":"https:\/\/doi.org\/10.1007\/s10257-023-00646-y","relation":{},"ISSN":["1617-9846","1617-9854"],"issn-type":[{"value":"1617-9846","type":"print"},{"value":"1617-9854","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,8,21]]},"assertion":[{"value":"19 January 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 June 2023","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 July 2023","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 August 2023","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors have no competing interests, including financial and non-financial, to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}}]}}