DOI: https://doi.org/10.36719/2789-6919/56/178-183
Tunal Hasanov
Azerbaijan State Oil and Industry University
Master’s student
https://orcid.org/0009-0008-6948-8821
tunalhsnov10@gmail.com
Challenges in the Implementation of Information Security Strategies through Modern Approaches
Abstract
In today’s digital environment, ensuring information security has become a key priority for organizational resilience and reliability. The increasing complexity of information systems, the dynamic nature of cyber threats, and the evolution of attack techniques require security strategies to be regularly reviewed and adjusted. Although widely adopted international standards and frameworks such as ISO/IEC 27001, the NIST Cybersecurity Framework, and SANS controls provide a methodological foundation, their direct “one-size-fits-all” application is often ineffective in real organizational contexts. This paper examines the main challenges of implementing information security strategies using modern approaches. It analyzes prominent international standards and identifies practical limitations driven by organizational structure, legal and regulatory constraints, heterogeneous infrastructure, and limited financial and human resources – especially in large and public-sector environments. To address these gaps, the paper substantiates an adaptive security model that preserves core principles of international standards while enabling contextual tailoring. The proposed approach is based on risk-informed decision-making, consideration of security maturity levels, and phased implementation. A simple decision mechanism – an Adaptive Security Implementation Index (ASI) – is introduced to support selecting an appropriate implementation mode (baseline, hybrid, or adaptive).
Keywords: information security, adaptive security model, risk-based approach, cybersecurity strategy, security maturity, international standards, ISO/IEC 27001, NIST Cybersecurity Framework