Information security frameworks for assisting GDPR compliance in banking industry

Serrado, João; Pereira, Rúben; Silva, Miguel Mira da; Bianchi, Isaías Scalabrin

doi:10.1108/dprg-02-2020-0019

Cited by 14 publications

(24 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…before the GDPR publication, while the new regulatory requirements were included in the new ISO/IEC 27552 (Privacy Information Management). Nevertheless, previous research has highlighted similar requirements between the GDPR and ISO/IEC 27001 (Annarelli et al , 2020) as well as the fact that a structured ISMS is a prerequisite to meet the European directives (Serrado et al , 2020).…”

Section: Thematic Findingsmentioning

confidence: 99%

See 1 more Smart Citation

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

Culot

Nassimbeni

Podrecca

et al. 2021

TQM

View full text Add to dashboard Cite

PurposeAfter 15 years of research, this paper aims to present a review of the academic literature on the ISO/IEC 27001, the most renowned standard for information security and the third most widespread ISO certification. Emerging issues are reframed through the lenses of social systems thinking, deriving a theory-based research agenda to inspire interdisciplinary studies in the field.Design/methodology/approachThe study is structured as a systematic literature review.FindingsResearch themes and sub-themes are identified on five broad research foci: relation with other standards, motivations, issues in the implementation, possible outcomes and contextual factors.Originality/valueThe study presents a structured overview of the academic body of knowledge on ISO/IEC 27001, providing solid foundations for future research on the topic. A set of research opportunities is outlined, with the aim to inspire future interdisciplinary studies at the crossroad between information security and quality management. Managers interested in the implementation of the standard and policymakers can find an overview of academic knowledge useful to inform their decisions related to implementation and regulatory activities.

show abstract

Section: Thematic Findingsmentioning

confidence: 99%

“…Japan, Australia) initiatives fostering the diffusion of ISO/IEC 27001 (e.g. Lomas, 2010; Dionysiou, 2011; Serrado et al , 2020). Other studies highlight higher adoption in offshored countries – e.g.…”

Section: Thematic Findingsmentioning

confidence: 99%

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

Culot

Nassimbeni

Podrecca

et al. 2021

TQM

View full text Add to dashboard Cite

show abstract

“…Data and Technology are becoming pivotal assets for organisations, in innovation and to benefit their consumers (Serrado et al 2020;European Commission 2021a).…”

Section: Data Strategymentioning

confidence: 99%

“…Broader data protection regulations, such as the European General Data Protection Regulation (GDPR), sets new challenges for processing sensitive data, (Schulz et al 2021) in order to offer more personalised services that fit the customers' specific needs (European Commission 2020). Broader data protection also implies multiple and simultaneous access to data, with employee roles and responsibilities still evolving (Serrado et al 2020).…”

Section: Datamentioning

confidence: 99%

How does a data strategy enable customer value? The case of FinTechs and traditional banks under the open finance framework

2022

View full text Add to dashboard Cite

The coupling of data and digital innovation opens the way for new business in the financial services sector, where customers are placed at the centre of decisions and data can help to develop customer knowledge. To carry out our research, we adopted a multi-case study approach to explore how a data strategy is developed in the retail banking industry, together with its relationship with customer value, paying particular attention to the heterogeneity between traditional banks and financial technology companies (FinTechs). Two main points emerged from the study. Firstly, there are three possible approaches to Open Finance, which are mainly defined by their different corporate cultures, organisational configurations, technological architecture and data value. Secondly, it is not enough to be a FinTech to be best placed to exploit the market, as some traditional banks share the FinTechs’ approach to Open Finance. Designing new tailored products, customising their prices and offering them over the right channels through targeted communication are all data-driven initiatives that stem from cross- or up-selling potential, core to the retail banking industry for turning a customer into a cash flow, thus enabling value to be created for customers. Our findings additionally revealed that there is a form of external information asymmetry between the customer and the bank, and that there is also an internal asymmetry between bank departments, as their visibility on information about the same customer may differ.

show abstract

“…The three research disciplines mentioned above are closely related, influencing each other (Smith et al, 1996;Rose, 2019;Serrado et al, 2020;Rath and Kumar, 2021). Organizations need to leverage these three key research areas.…”

Section: Information Systems (Is) Researchmentioning

confidence: 99%

Information Privacy Assimilation

Halder

Attili

Gupta

2022

International Journal of Digital Strategy, Governance, and Business Transformation

View full text Add to dashboard Cite

This paper proposes a framework to understand organizations' perspectives while safeguarding customers' information privacy. Following a detailed literature review, a broad conceptual model was developed to build a theory based on a multi-site, multi-case study approach. The current manuscript treats information privacy as distinct from information security. From an organizational standpoint, this research reveals that legal policy, technology, and industry standards drive privacy assimilation. At a detailed level, adherence to compliance, competitive best practices, and data management controls significantly impact an organization's opportunistic perspective, resulting in higher-order assimilation (infusion) of organizational privacy practices. Resistance to compliance, investment cost, and reactive approach results in lower-order assimilation (adaptation) of organizational privacy practices. This study delivers practical implications related to how businesses perceive privacy practices while maintaining the right balance of privacy risks and opportunities.

show abstract

Information security frameworks for assisting GDPR compliance in banking industry

Cited by 14 publications

References 36 publications

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

How does a data strategy enable customer value? The case of FinTechs and traditional banks under the open finance framework

Information Privacy Assimilation

Contact Info

Product

Resources

About