A cyclical evaluation model of information security maturity. Issue 3 (2014)
- Record Type:
- Journal Article
- Title:
- A cyclical evaluation model of information security maturity. Issue 3 (2014)
- Main Title:
- A cyclical evaluation model of information security maturity
- Authors:
- Evandro Alencar Rigon
Carla Merkle Westphall
Daniel Ricardo dos Santos
Carlos Becker Westphall
- Abstract:
- Purpose – This paper aims at presenting a cyclical evaluation model of information security (IS) maturity. The lack of a security evaluation method might expose organizations to several risky situations.
Design/methodology/approach – This model was developed through the definition of a set of steps to be followed to obtain periodical evaluation of maturity and continuous improvement of controls.
Findings – This model, based on controls present in ISO/IEC 27002, provides a means to measure the current situation of IS management through the use of a maturity model and provides a basis for taking appropriate and feasible improvement actions, based on risks. A case study is performed, and the results indicate that the method is efficient for evaluating the current state of IS, to support IS management, risk identification, and business and internal control processes.
Research limitations/implications – It is possible that modifications to the process may be needed where there is less understanding of security requirements, such as in a less mature organization.
Originality/value – This paper presents a generic model applicable to all kinds of organizations. The main contribution of this paper is the use of a maturity scale combined with the cyclical process of evaluation, enabling the generation of immediate indicators for the management of IS.
- Is Part Of:
- Information management & computer security. Volume 22:Issue 3(2014)
- Journal:
- Information management & computer security
- Issue:
- Volume 22:Issue 3(2014)
- Issue Display:
- Volume 22, Issue 3 (2014)
- Year:
- 2014
- Volume:
- 22
- Issue:
- 3
- Issue Sort Value:
- 2014-0022-0003-0000
- Page Start:
- 265
- Page End:
- 278
- Publication Date:
- 2014
- Subjects:
- Information technology -- Management -- Periodicals
Management information systems -- Periodicals
Computer security -- Periodicals
658.05
- Journal URLs:
- http://info.emeraldinsight.com/products/journals/journals.htm?id=imcs
http://www.emeraldinsight.com/0968-5227.htm
http://www.emeraldinsight.com/imcs.htm
http://www.emeraldinsight.com/
http://firstsearch.oclc.org
- DOI:
- 10.1108/IMCS-04-2013-0025
- Languages:
- English
- ISSNs:
- 0968-5227
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4493.687056
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 3461.xml