Research Article

Key Considerations in Preparing Specifications for ISMS Projects

Volume: 1 Number: 2 December 16, 2025
TR EN

Key Considerations in Preparing Specifications for ISMS Projects

Abstract

In the digital era, where information security has become indispensable for institutional sustainability, establishing an Information Security Management System (ISMS) and obtaining ISO/IEC 27001 certification are of critical importance for organizations. However, successful completion of this process requires more than just hiring a consultancy firm; it demands strong management support, active institutional involvement, and well-prepared technical specifications. This study outlines the key considerations in preparing specifications for ISMS projects and provides practical recommendations to guide organizations through implementation. Topics such as consultant selection, project duration, scope definition, risk analysis, security controls, internal audit, and certification processes are elaborated to support effective, compliant, and sustainable ISMS projects aligned with international standards.

Keywords

Ethical Statement

This article does not contain any studies involving human or animal subjects. Scientific and ethical principles were adhered to during the preparation of this study, and all referenced studies are listed in the references.

Thanks

Authors would like to thank to Dr. Ahmet Albayrak from Düzce University for his valuable comments and editorial effort.

References

  1. Ali, S. M., Razzaque, A., Yousaf, M., & Shan, R. U. (2025). An automated compliance framework for critical infrastructure security through artificial intelligence. IEEE Access, 13, 4436–4459. https://doi.org/10.1109/ACCESS.2024.3524496
  2. Bouraffa, T., & Hui, K. L. (2025). Regulating information and network security: Review and challenges. ACM Computing Surveys, 57(5). https://doi.org/10.1145/3711124
  3. Chan, K. C., Gururajan, R., & Carmignani, F. (2025). A human–Al collaborative framework for cybersecurity consulting in capstone projects for small businesses. Journal of Cybersecurity and Privacy, 5(2), Article 21. https://doi.org/10.3390/jcp5020021
  4. de Wit, J., Pieters, W., & van Gelder, P. (2025). Sources of security risk information: What do professionals rely on for their risk assessment? The Information Society, 41(3), 157–172. https://doi.org/10.1080/01972243.2025.2475311
  5. Górka–Chowaniec, A., & Popek, A. (2025). Attempt to use the demıng cycle (PDCA) in the process of implementing an information securıty management system. International Journal for Quality Research, 19(2), 371–386. https://doi.org/10.24874/IJQR19.02-01
  6. Pacana, A., & Czerwińska, K. (2025). Validation of the use of KPIs to measure information security management system performance in manufacturing companies. Production Engineering Archives, 31(2), 266–275. https://doi.org/10.30657/pea.2025.31.26
  7. Sánchez-García, I. D., Feliu, T. S., & Calvo-Manzano, J. A. (2025). Building a cyber risk treatment taxonomy. Cluster Computing, 28(3), Article 205. https://doi.org/10.1007/s10586-024-04899-1
  8. Sermhattakit, A., & Sae-Lim, P. (2025). Key risks and mitigation strategies in enterprise risk management for private hospitals: A mixed-method study. Inquiry, 62, 1-13. https://doi.org/10.1177/00469580251347132

Details

Primary Language

English

Subjects

Information Security Management

Journal Section

Research Article

Publication Date

December 16, 2025

Submission Date

August 26, 2025

Acceptance Date

October 24, 2025

Published in Issue

Year 2025 Volume: 1 Number: 2

APA
Mataracıoğlu, T., & Fidancıoğlu, D. (2025). Key Considerations in Preparing Specifications for ISMS Projects. Siber Güvenlik Ve Dijital Ekonomi, 1(2), 75-84. https://izlik.org/JA64BC59PG
AMA
1.Mataracıoğlu T, Fidancıoğlu D. Key Considerations in Preparing Specifications for ISMS Projects. Siber Güvenlik ve Dijital Ekonomi. 2025;1(2):75-84. https://izlik.org/JA64BC59PG
Chicago
Mataracıoğlu, Tolga, and Duygu Fidancıoğlu. 2025. “Key Considerations in Preparing Specifications for ISMS Projects”. Siber Güvenlik Ve Dijital Ekonomi 1 (2): 75-84. https://izlik.org/JA64BC59PG.
EndNote
Mataracıoğlu T, Fidancıoğlu D (December 1, 2025) Key Considerations in Preparing Specifications for ISMS Projects. Siber Güvenlik ve Dijital Ekonomi 1 2 75–84.
IEEE
[1]T. Mataracıoğlu and D. Fidancıoğlu, “Key Considerations in Preparing Specifications for ISMS Projects”, Siber Güvenlik ve Dijital Ekonomi, vol. 1, no. 2, pp. 75–84, Dec. 2025, [Online]. Available: https://izlik.org/JA64BC59PG
ISNAD
Mataracıoğlu, Tolga - Fidancıoğlu, Duygu. “Key Considerations in Preparing Specifications for ISMS Projects”. Siber Güvenlik ve Dijital Ekonomi 1/2 (December 1, 2025): 75-84. https://izlik.org/JA64BC59PG.
JAMA
1.Mataracıoğlu T, Fidancıoğlu D. Key Considerations in Preparing Specifications for ISMS Projects. Siber Güvenlik ve Dijital Ekonomi. 2025;1:75–84.
MLA
Mataracıoğlu, Tolga, and Duygu Fidancıoğlu. “Key Considerations in Preparing Specifications for ISMS Projects”. Siber Güvenlik Ve Dijital Ekonomi, vol. 1, no. 2, Dec. 2025, pp. 75-84, https://izlik.org/JA64BC59PG.
Vancouver
1.Tolga Mataracıoğlu, Duygu Fidancıoğlu. Key Considerations in Preparing Specifications for ISMS Projects. Siber Güvenlik ve Dijital Ekonomi [Internet]. 2025 Dec. 1;1(2):75-84. Available from: https://izlik.org/JA64BC59PG