Degree thesis

ISO 27001認證對於企業績效之影響

The Impact of ISO 27001 Certification on Firm Performance

Advisor: 許瑋元

Abstract


In recent years, information security has become a household topic. As businesses and organizations increasingly use and depend on information technology, and as the negative impact of information security incidents on organizations grows more severe, information security has become one of the most important concerns of management. At the same time, as individuals' awareness of information security rises, enterprises must effectively improve the quality of their information security to strengthen consumer confidence. Moreover, with the changing role of information technology in organizations, information security has shifted from a purely technical issue to an enterprise-level management issue. An effective approach to establishing sound information security management is what enterprises most urgently need. The ISO 27001 information security standard provides a set of requirements and guidance for establishing an information security management system. ISO 27001 certification further demonstrates an enterprise's compliance and excellence in information security. However, the cost of ISO 27001 certification is very high, and we want to understand whether the certification can serve as a competitive advantage that brings positive financial performance to the enterprise. We adopted the event study method and analyzed companies in the United States and selected European countries. We found that, whether measured by financial performance or by stock market performance, ISO 27001 did not bring any positive impact to certified companies. We attribute this result to the nature of ISO 27001: sound information security management may be regarded as a company's responsibility and obligation rather than a competitive advantage. We also found that for most sample companies the certification covered only some business units or facilities rather than the company as a whole, which may be regarded as an incomplete information security management plan.

Parallel Abstract (English)


In recent years, information security has become a household name and gained enormous public attention. The extensive use of and dependence on information technology (IT) by businesses and organizations, along with the worsening impact that IT incidents bring, has made information security one of the top concerns of management. Moreover, individual awareness of information security requires corporations to invest in and highlight their efforts to secure their handling of information in order to gain customer confidence. However, the extensive use of IT has made information security a complicated management issue at the corporate level. Guidance on information security management is urgently needed. The ISO 27001 standard provides guidance for a sound information security management system (ISMS). Certification to ISO 27001 further shows compliance and excellence in it. As the costs incurred during implementation and accreditation are considerable, we would like to discover whether the certification benefits firms financially by acting as a competitive advantage. We used the event study methodology with samples from the United States and selected European countries to investigate the impact after certification. In the results, we found no evidence that ISO 27001 certification brings a positive impact in terms of financial and stock market performance. We attribute the results to the nature of ISO 27001: good information security management would be seen as an obligation, or "meeting the requirements", instead of a competitive advantage. We also took the scope of the certification as an explanation, since most certifications cover only part of the organization instead of its full scope. This would be seen as a compromised commitment to information security.

Parallel Keywords (English)

Information security; ISO 27001; ISMS; event study
