{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:00:39Z","timestamp":1754157639291,"version":"3.41.2"},"reference-count":12,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2007,8,21]],"date-time":"2007-08-21T00:00:00Z","timestamp":1187654400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007,8,21]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>With the widespread of e\u2010services, provided by different organizations at the internal intranet level, the business extranet level, and the public internet level, compliance with international information security management standards is becoming of increasing importance for establishing a common and safe environment for such services. The purpose of this paper is to examine the development of a mathematical model that enables the investigation of compliance of organizations with the widely acknowledged international information security management standard ISO 17799\u20102005.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>The model is based on the strategy, technology, organization, people and environment \u2013 STOPE \u2013 framework that provides an integrated well\u2010structured view of the various factors involved. The paper addresses the use of the model for practical investigations; it describes a practical example illustrating possible practical results.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>The results show the strengths and the weaknesses of compliance, with the standard, at different levels: from the level of the measures associated with each of the \u201c131\u201d standard protection controls, up to the level of the STOPE domains.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>The paper addresses the use of a mathematical model for practical investigations of compliance with the international information security management standard.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685220710817806","type":"journal-article","created":{"date-parts":[[2007,8,11]],"date-time":"2007-08-11T07:05:34Z","timestamp":1186815934000},"page":"283-294","source":"Crossref","is-referenced-by-count":11,"title":["A STOPE model for the investigation of compliance with ISO 17799\u20102005"],"prefix":"10.1108","volume":"15","author":[{"given":"Mohamed","family":"Saad Saleh","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdullah","family":"Alrabiah","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Saad","family":"Haj Bakry","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022032220085068900_b3","doi-asserted-by":"crossref","unstructured":"Bakry, S.H. (2003a), \u201cToward the development of a standard e\u2010readiness assessment policy\u201d, International Journal of Network Management, Vol. 13 No. 2, pp. 129\u201037.","DOI":"10.1002\/nem.466"},{"key":"key2022032220085068900_b4","doi-asserted-by":"crossref","unstructured":"Bakry, S.H. (2003b), \u201cDevelopment of security policies for private networks\u201d, International Journal of Network Management, Vol. 13 No. 3, pp. 203\u201010.","DOI":"10.1002\/nem.472"},{"key":"key2022032220085068900_b2","doi-asserted-by":"crossref","unstructured":"Bakry, S.H. (2004), \u201cDevelopment of e\u2010government: a STOPE view\u201d, International Journal of Network Management, Vol. 14 No. 5, pp. 339\u201050.","DOI":"10.1002\/nem.529"},{"key":"key2022032220085068900_b1","doi-asserted-by":"crossref","unstructured":"Bakry, S.H. and Bakry, F.H. (2001), \u201cA strategic view for the development of e\u2010business\u201d, International Journal of Network Management, Vol. 11 No. 2, pp. 103\u201012.","DOI":"10.1002\/nem.395"},{"key":"key2022032220085068900_b5","doi-asserted-by":"crossref","unstructured":"Eloff, J.H. and Eloff, M.M. (2003), \u201cInformation security management \u2013 a new paradigm\u201d, Proceedings of SAICST, pp. 130\u20106.","DOI":"10.1007\/978-0-387-35691-4_17"},{"key":"key2022032220085068900_b6","doi-asserted-by":"crossref","unstructured":"Fung, A.R., Farn, K. and Lin, A. (2003), \u201cA study on the certification of the information security management systems\u201d, Computer Standards & Interfaces, Vol. 25, pp. 447\u201061.","DOI":"10.1016\/S0920-5489(03)00014-X"},{"key":"key2022032220085068900_b7","unstructured":"ISO (2006), The website of the International Organization of Standardization, available at: www.iso.org (accessed March 2006)."},{"key":"key2022032220085068900_b8","unstructured":"ISO\/IEC 17799\u20102005 (E) (2005), Information Technology\u2010Security Techniques\u2010Code of Practice for Information Security Management, International Standards Organization, Geneva."},{"key":"key2022032220085068900_b9","unstructured":"ISO\/IEC 27001 (2005), Information Technology\u2010Security Techniques\u2010Information Security Management Systems\u2010Requirements, International Standards Organization, Geneva."},{"key":"key2022032220085068900_b10","doi-asserted-by":"crossref","unstructured":"Saleh, M.S., Alrabiah, A. and Bakry, S.H. (2007), \u201cUsing ISO 17799\u20102005 security management standard: a STOPE view with six sigma approach\u201d, International Journal of Network Management, Vol. 17 No. 1, pp. 85\u201097.","DOI":"10.1002\/nem.616"},{"key":"key2022032220085068900_b11","doi-asserted-by":"crossref","unstructured":"von Solms, R. (1999), \u201cInformation security management: why standards are important\u201d, Information Management & Computer Security, Vol. 7 No. 1, pp. 50\u20107.","DOI":"10.1108\/09685229910255223"},{"key":"key2022032220085068900_b12","doi-asserted-by":"crossref","unstructured":"von Solms, B. and von Solms, R. (2001), \u201cIncremental information security certification\u201d, Computers & Security, Vol. 20 No. 4, pp. 308\u201010.","DOI":"10.1016\/S0167-4048(01)00405-9"}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220710817806","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220710817806\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220710817806\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:09:02Z","timestamp":1753402142000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/15\/4\/283-294\/180185"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,8,21]]},"references-count":12,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2007,8,21]]}},"alternative-id":["10.1108\/09685220710817806"],"URL":"https:\/\/doi.org\/10.1108\/09685220710817806","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2007,8,21]]}}}