Authors :
Julião Artur Francisco Mussa
Volume/Issue :
Volume 11 - 2026, Issue 6 - June
Google Scholar :
https://tinyurl.com/ytxvmk6s
Scribd :
https://tinyurl.com/2rutbje5
DOI :
https://doi.org/10.38124/ijisrt/26jun1208
Note : A published paper may take 4-5 working days from the publication date to appear in PlumX Metrics, Semantic Scholar, and ResearchGate.
Abstract :
The increasing digitalization of economic and social activities has intensified the importance of information
security as a strategic component of organizational governance and digital resilience. In this context, ISO/IEC 27001 has
emerged as the leading international standard for implementing Information Security Management Systems (ISMS),
supporting organizations in managing cybersecurity risks, enhancing regulatory compliance, and strengthening digital
trust. Despite its global relevance, limited research has examined the factors influencing ISO/IEC 27001 adoption in
developing countries, particularly within the Mozambican context. This study analyzes the challenges, opportunities, and
implications associated with the adoption of ISO/IEC 27001 in Mozambique. An integrative literature review and
documentary analysis were conducted, drawing upon scientific publications, institutional reports, regulatory frameworks,
and policy documents. The analysis was guided by the Technology–Organization–Environment (TOE) framework and the
Technology Acceptance Model (TAM), enabling the examination of technological, organizational, environmental, and
behavioral determinants of adoption. The findings indicate that ISO/IEC 27001 adoption is influenced by a combination of
factors, including technological infrastructure, organizational capabilities, financial resources, regulatory conditions,
management commitment, and stakeholders’ perceptions of usefulness and implementation complexity. Key barriers
include the shortage of qualified cybersecurity professionals, implementation and certification costs, infrastructural
limitations, and low levels of cybersecurity maturity. Conversely, significant opportunities were identified, including
enhanced digital trust, improved regulatory compliance, stronger risk management practices, increased organizational
competitiveness, and greater resilience against cyber threats. The study concludes that ISO/IEC 27001 represents a strategic
instrument for strengthening information security governance in Mozambique. The findings contribute to the literature on
information security governance and technology adoption by integrating the TOE and TAM frameworks within a
developing-country context. Practical recommendations are provided for organizations, policymakers, and regulatory
institutions seeking to foster cybersecurity maturity and sustainable digital transformation.
Keywords :
ISO/IEC 27001; Information Security Governance; Information Security Management Systems (ISMS); Cybersecurity; Technology–Organization–Environment (TOE); Technology Acceptance Model (TAM); Digital Transformation; Mozambique.
References :
- INTIC. (2025). Segurança dos dados em Moçambique na transformação digital e computação em nuvem: Uma abordagem estratégica. Disponível em: https://intic.gov.mz/seguranca-dos-dados-em-mocambique-na-transformacao-digital-e-computacao-em-nuvem-uma-abordagem-estrategica/
- Barros, M. J. Z., & Van Niekerk, B. (2023). Cybersecurity in Mozambique: Status and Challenges. European Conference on Information Warfare and Security.
- ISO. (s.d.). ISO/IEC 27000 family - Information security management systems. Disponível em: https://www.iso.org/isoiec-27001-information-security.html
- Linford & Co. (2025). What is ISO? Understanding International Security Standards. Disponível em: https://linfordco.com/blog/what-is-the-iso/
- Kitsios, F. (2023). The ISO/IEC 27001 Information Security Management Standard to Ensure Compliance. MDPI.
- SGS. (s.d.). Certificação ISO/IEC 27001 - Segurança da Informação. Disponível em: https://www.sgs.com/pt-mz/servicos/certificacao-iso-iec-27001-seguranca-da-informacao-ciberseguranca-e-protecao-da-privacidade
- ISO. (s.d.). The impact of ISO/IEC 27001 certification on digital trade. Disponível em: https://www.iso.org/files/live/sites/isoorg/files/store/en/PUB100505.pdf
- Tjirare, D. J. (2018). Designing a national adoption policy framework for ISO/IEC 27000 standards implementation in Namibia. NUST Repository.
- Ramtohul, A., & Soyjaudah, K. M. S. (2016). Information security governance for e-services in southern African developing countries e-Government projects. Journal of Science & Technology Policy Management.
- Culot, G., & Nassimbeni, G. (s.d.). The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda. ResearchGate.
- Ramadhan, N. (s.d.). IEC 27001 Information Security Management Standard to SMEs. DiVA Portal.
- Moçambique. (2017). Lei n.º 3/2017, de 9 de Janeiro (Lei das Transações Eletrónicas). Disponível em: https://www.dataguidance.com/sites/default/files/electronic_transactions_law.pdf
- PLMJ. (2025). Moçambique: Proposta de Lei de Proteção de Dados Pessoais. Disponível em: https://www.plmj.com/pt/conhecimento/notas-informativas/Mocambique-Proposta-de-Lei-de-Protecao-de-Dados-Pessoais/34166/
- INTIC. (s.d.). Governo inicia processo de actualização da Estratégia Nacional de Segurança Cibernética 2026-2030. Disponível em: https://intic.gov.mz/governo-inicia-processo-de-actualizacao-da-estrategia-nacional-de-seguranca-cibernetica-2026-2030/
- Academia.edu. (s.d.). SEGURANÇA CIBERNÉTICA: CAPACIDADE DE RESPOSTA À ATAQUES CIBERNÉTICOS A INFRA-ESTRUTURAS CRÍTICAS DE INFORMAÇÃO NO SECTOR DE TELEFONIA MÓVEL EM MOÇAMBIQUE. Disponível em: https://www.academia.edu/116788231/SEGURAN%C3%87A_CIBERN%C3%89TICA_CAPACIDADE_DE_RESPOSTA_%C3%80_ATAQUES_CIBERN%C3%89TICOS_A_INFRA_ESTRUTURAS_CR%C3%8DTICAS_DE_INFORMA%C3%87%C3%83O_NO_SECTOR_DE_TELEFONIA_M%C3%93VEL_EM_MO%C3%87AMBIQUE
- ITU. (s.d.). Global Cybersecurity Index. Disponível em: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx
- ISACA. (2024). Navigating the ISO/IEC 27001:2022 Transition: A 90-Day Challenge. Disponível em: https://www.isaca.org/resources/isaca-journal/issues/2024/volume-3/navigating-the-iso-iec-27001-2022-transition-a-90-day-challenge
- BSI Group. (s.d.). Transition to the ISO/IEC 27001:2022 standard. Disponível em: https://www.bsigroup.com/en-GB/insights-and-media/insights/blogs/transition-to-the-iso-iec-27001-2022-standard/
- DePietro, R., Wiarda, E., & Fleischer, M. (1990). The context for change: Organization, technology and environment. In L. G. Tornatzky & M. Fleischer (Eds.), The processes of technological innovation (pp. 151-175). Lexington Books.
- Emergent Mind. (2026). TOE Framework: Tech, Org, Environment. Disponível em: https://www.emergentmind.com/topics/technology-organization-environment-toe-framework
- Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319-340.
- ScienceDirect. (s.d.). Integrating Individual and Organizational Perspectives: A TAM-TOE Framework for ISO 27037 Adoption in Malaysian Government Digital Forensics Agencies. Disponível em: https://www.sciencedirect.com/science/article/pii/S2199853125001301
- Page, M. J., McKenzie, J. E., Bossuyt, P. M., Boutron, I., Hoffmann, T. C., Mulrow, C. D., ... & Moher, D. (2021). The PRISMA 2020 statement: an updated guideline for reporting systematic reviews. BMJ, 372.
The increasing digitalization of economic and social activities has intensified the importance of information
security as a strategic component of organizational governance and digital resilience. In this context, ISO/IEC 27001 has
emerged as the leading international standard for implementing Information Security Management Systems (ISMS),
supporting organizations in managing cybersecurity risks, enhancing regulatory compliance, and strengthening digital
trust. Despite its global relevance, limited research has examined the factors influencing ISO/IEC 27001 adoption in
developing countries, particularly within the Mozambican context. This study analyzes the challenges, opportunities, and
implications associated with the adoption of ISO/IEC 27001 in Mozambique. An integrative literature review and
documentary analysis were conducted, drawing upon scientific publications, institutional reports, regulatory frameworks,
and policy documents. The analysis was guided by the Technology–Organization–Environment (TOE) framework and the
Technology Acceptance Model (TAM), enabling the examination of technological, organizational, environmental, and
behavioral determinants of adoption. The findings indicate that ISO/IEC 27001 adoption is influenced by a combination of
factors, including technological infrastructure, organizational capabilities, financial resources, regulatory conditions,
management commitment, and stakeholders’ perceptions of usefulness and implementation complexity. Key barriers
include the shortage of qualified cybersecurity professionals, implementation and certification costs, infrastructural
limitations, and low levels of cybersecurity maturity. Conversely, significant opportunities were identified, including
enhanced digital trust, improved regulatory compliance, stronger risk management practices, increased organizational
competitiveness, and greater resilience against cyber threats. The study concludes that ISO/IEC 27001 represents a strategic
instrument for strengthening information security governance in Mozambique. The findings contribute to the literature on
information security governance and technology adoption by integrating the TOE and TAM frameworks within a
developing-country context. Practical recommendations are provided for organizations, policymakers, and regulatory
institutions seeking to foster cybersecurity maturity and sustainable digital transformation.
Keywords :
ISO/IEC 27001; Information Security Governance; Information Security Management Systems (ISMS); Cybersecurity; Technology–Organization–Environment (TOE); Technology Acceptance Model (TAM); Digital Transformation; Mozambique.