Exploring the Adoption of the International Information Security Management System Standard ISO/IEC 27001: A Web Mining-Based Analysis
IEEE Transactions on Engineering Management (IF 4.6), Pub Date: 2021-02-01, DOI: 10.1109/tem.2020.2977815
Mona Mirtsch, Jan Kinne, Knut Blind

In the light of digitalization and recent EU policy initiatives, information is an important asset that organizations of all sizes and from all sectors should secure. However, in order to provide common requirements for the implementation of an information security management system, the internationally well-accepted ISO/IEC 27001 standard has not shown the expected growth rate since its publication more than a decade ago. In this article, we apply web mining to explore the adoption of ISO/IEC 27001 through a series of 2664 out of more than 900 000 German firms from the Mannheim Enterprise Panel dataset that refers to this standard on their websites. As a result, we present a "landscape" of ISO/IEC 27001 in Germany, which shows that firms not only seek certifications themselves but often refer on their websites to partners who are certified instead. Consequently, we estimate a probit model and find that larger and more innovative firms are more likely to be certified to ISO/IEC 27001 and that almost half of all certified firms belong to the information and communications technology (ICT) service sector. Based on our findings, we derive implications for policy makers and management and critically assess the suitability of web mining to explore the adoption of management system standards.

Updated: 2021-02-01