Comparison of different aggregated information security control maturities from AHP ranked companies (Extended abstract)

Schmid, M.; Akarkach, K. and Pape, S., 2019


The General Data Protection Regulation (GDPR) has a great influence not only on data protection but also on the area of information security, especially with regard to Article 32. This article emphasizes the importance of a process for regularly testing, assessing and evaluating security, but measuring information security involves overcoming many obstacles. The goodness of information security can only be measured indirectly using metrics and Key Performance Indicators (KPIs), as there exists no gold standard. Many studies are concerned with using metrics to get as close as possible to the status of information security, but only a few focus on the comparison of information security metrics. This paper deals with the significance of the ranking from an AHP comparison of information security among different companies within a specific industry. The required model has already been developed by the authors and tested for applicability by means of case studies. In order to investigate the significance of the ranking from the comparison in more detail, this paper will try to figure out in which way a maturity control should be determined to serve the company best in improving its security. This result will be helpful for all companies aiming to regularly assess and improve their security as requested by the GDPR. To verify the significance of the results with different sets, real information security data from a large international media and technology company is used.



  author    = {Michael Schmid and Karim Akarkach and Sebastian Pape},
  title     = {Comparison of different aggregated information security control maturities from {AHP} ranked companies (Extended abstract)},
  month     = {08},
  year      = {2019},
  booktitle = {Preproceedings of IFIP Summer School on Privacy and Identity Management - Data for Better Living: AI and Privacy 2019 (IFIPSC2019)},
  doi       = {X},
  keywords  = {security},