Abstract:

Organisations are in permanent contact with various threats that can exploit their security vulnerabilities anytime. The international standard ISO/IEC 27001 proposes a best practice framework for securing the organizational critical assets by implementing effective information security controls. In this way, the organisation who is implementing the requirements of this standard creates an Information Security Management System (ISMS) that can keep under control the information security risks. The implementation of ISMS in a company can be difficult due to the challenges the organisation faces in its current activity due to cost reduction and cost control requirements.

This paper presents the application possibility of Six Sigma tools to solve these ISMS implementation issues. The research carried out by the authors highlights that an Information Security Management System can become much stronger if Six Sigma tools are used, as the DMAIC methodology is much more detailed than the PDCA improvement cycle.