Abstract Information security is very important because it aims to protect users from threats and risks, making access to information safe, reliable and confidential, and ensuring that organizations can carry out their information security policy. Yet organizations usually fail to implement these information security policies. This paper puts forward a measurement model for information security evaluation, which includes three levels used to decide the maturity level of an organization's information security. The model adopts a systematic literature review (SLR) to determine the appropriate measurement instrument parameters and to identify the parameter combination. With this model, an organization can determine its information security maturity level, which enables it to improve its current information security measures.