The 2007 ISO 27001 Benchmark Study
A Benchmark Study Measuring the Effectiveness
of Organizations to Govern Information Security

Abstract

By and large, leading technology industry analysts and the audit community have endorsed the use of ISO 27001/27002 to effectively establish, manage, measure and improve an Information Security Management System (ISMS). With this in mind, Wolcott Group designed the ISO 27001 Benchmark Study to assess how effectively organizations are governing information security.

The study was conducted through an online, self-assessment survey on the implementation and maturity of the participant’s Information Security Management System (ISMS). The participants were asked questions based on the most common controls in ISO 27001/27002. For each of the stated controls, they were asked to rate the value of that control to their organization and also to rate their organization’s maturity for implementing the control.

In addition to producing the findings in this study, the online survey tool produced instant, on-demand results that provided the participants with a high-level snapshot of their ISMS as well as a comparative view of their ISMS to the ISMS of the other responders. This online self-assessment is still available to measure your information security practices against the ISO 27001 standard and your peers. To use the self-assessment, visit https://benchmark.wolcottgroup.com.

The 2007 ISO 27001 Benchmark Study was participated in by respondents in a variety of industries, organizations, and roles.

Download the study. Please note that a valid email address will be required.