Systematic Literature Review of ISO/IEC 27001 Implementation in Small and Medium Enterprises for IoT Edge Environment

Authors

  • Naufal Siddiq Ramadhan, Universitas Sebelas April Sumedang

Abstract

This paper presents a Systematic Literature Review (SLR) that analyzes the implementation of the ISO/IEC 27001 standard in the context of Small and Medium Enterprises (SMEs). The background of this study is the increasing cyber threats and the urgent need for SMEs to adopt a robust Information Security Management System (ISMS). The methodology used is based on an in-depth analysis of relevant academic papers, industry reports, and case studies. This abstract summarizes the key findings, including the identification of significant organizational, resource, and procedural challenges faced by SMEs. These challenges are then contrasted with a synthesis framework of Critical Success Factors (CSFs), which highlights the central role of leadership, organizational culture, and strategic planning. Furthermore, the paper articulates the strategic benefits of certification, which go beyond mere compliance and offer a real competitive advantage. Finally, the abstract discusses the adaptation of these security principles to the unique threat landscape of Internet of Things (IoT) and Edge Computing. The study concludes with key recommendations for practitioners and directions for future research, providing a comprehensive guide to navigating the complexities of ISMS implementation in the digital age.

Published

2025-08-20