A cyclical evaluation model of information security maturity

Purpose – This paper aims to present a cyclical evaluation model of information security (IS) maturity. The lack of a security evaluation method may expose organizations to several risky situations.

Design/methodology/approach – The model was developed by defining a set of steps to be followed in order to obtain periodic evaluation of maturity and continuous improvement of controls.

Findings – The model, based on the controls present in ISO/IEC 27002, provides a means to measure the current state of IS management through the use of a maturity model and provides a basis for taking appropriate and feasible improvement actions, based on risks. A case study is performed, and the results indicate that the method is efficient for evaluating the current state of IS and for supporting IS management, risk identification, and business and internal control processes.

Research limitations/implications – It is possible that modifications to the process may be needed where there is less understanding of security ...
