A structured comparison of the corporate information security

Schmid, M. and Pape, S.

In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 223-237, 2019, Acceptance rate: 26 / 142 = 18.3%.


Generally, measuring information security maturity is the first step in building a knowledge-based information security management system in an organization. Unfortunately, information security cannot be measured directly. Thus, in order to get an estimate, one has to find reliable proxy measurements. One way to assess information security is to apply a maturity model and assess the level of the controls; this need not be equivalent to the level of security. Nevertheless, evaluating the level of information security maturity in companies has been a major challenge for years. Although many studies have been conducted to address this challenge, there is still a lack of research that properly analyzes these assessments. The primary objective of this study is to show how to use the analytic hierarchy process (AHP) to compare the maturity level of information security controls within an industry in order to rank different companies. To validate the approach, we used real information security data from a large international media and technology company.
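The abstract describes ranking companies with the analytic hierarchy process over control maturity levels. The following is an added worked example of that mechanism; it is not code or data from the paper. The three control names, the pairwise importance judgements (Saaty's 1 to 9 scale) and the per-company maturity levels are constructed, and the criteria weights are derived with the row geometric mean method rather than whatever eigenvector routine the authors used. The consistency ratio check is included because an AHP ranking built on contradictory judgements is meaningless, and the second matrix shows what such a contradiction looks like.

```python
"""AHP ranking of companies by information security control maturity.

Added illustration of the technique in the abstract; not the paper's code.
Control names, judgements and maturity levels are constructed sample data.
"""
from math import prod

# Saaty's random consistency index (RI), indexed by the matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41}

CONTROLS = ["access control", "incident response", "patch management"]

# Constructed judgements: how much more important is row control than column
# control for this (hypothetical) industry. Reciprocals fill the lower triangle.
CONTROL_COMPARISON = [
    [1.0,     3.0, 5.0],
    [1 / 3.0, 1.0, 2.0],
    [1 / 5.0, 0.5, 1.0],
]

# Constructed cyclic judgements (A > B, B > C, C > A): should fail the check.
CYCLIC_COMPARISON = [
    [1.0,     3.0, 1 / 3.0],
    [1 / 3.0, 1.0, 3.0],
    [3.0,     1 / 3.0, 1.0],
]

# Constructed maturity levels (0..5) per control, in CONTROLS order.
MATURITY = {
    "Company A": [4, 3, 2],
    "Company B": [3, 4, 4],
    "Company C": [2, 2, 5],
}


def priority_vector(matrix):
    """Criteria weights from a pairwise comparison matrix.

    Row geometric mean method: the geometric mean of each row, normalised to
    sum to 1. For a perfectly consistent matrix this equals the principal
    eigenvector; for mildly inconsistent ones it is a close approximation.
    """
    n = len(matrix)
    gm = [prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(matrix):
    """Saaty's CR = CI / RI; judgements are usually accepted when CR < 0.1."""
    n = len(matrix)
    if n <= 2:
        return 0.0  # 1x1 and 2x2 reciprocal matrices are always consistent
    w = priority_vector(matrix)
    col_sums = [sum(matrix[i][j] for i in range(n)) for j in range(n)]
    # lambda_max estimate: weighted sum of column sums.
    lambda_max = sum(c * wj for c, wj in zip(col_sums, w))
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def rank_companies(weights, maturity):
    """Rank companies by weighted, column-normalised maturity (distributive mode).

    Returns [(company, score), ...] sorted best first; scores sum to 1.
    """
    names = list(maturity)
    n = len(weights)
    col_sums = [sum(maturity[c][j] for c in names) for j in range(n)]
    scores = {}
    for c in names:
        scores[c] = sum(
            weights[j] * maturity[c][j] / col_sums[j]
            for j in range(n)
            if col_sums[j] > 0  # a control nobody has implemented adds nothing
        )
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    cr = consistency_ratio(CONTROL_COMPARISON)
    if cr >= 0.1:
        raise SystemExit(f"judgements inconsistent (CR={cr:.3f}); revise them")
    weights = priority_vector(CONTROL_COMPARISON)
    for name, w in zip(CONTROLS, weights):
        print(f"{name:<18} weight {w:.3f}")
    for company, score in rank_companies(weights, MATURITY):
        print(f"{company}: {score:.3f}")
    print(f"cyclic judgements CR={consistency_ratio(CYCLIC_COMPARISON):.2f}")
```

The ranking is only as good as the judgement matrix, so the script refuses to rank when the consistency ratio reaches 0.1; with the constructed judgements Company A ranks first because access control carries roughly two thirds of the weight, even though Company B has the higher maturity on the other two controls.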



  author    = {Michael Schmid and Sebastian Pape},
  title     = {A structured comparison of the corporate information security},
  booktitle = {{ICT} Systems Security and Privacy Protection - 34th {IFIP} {TC} 11 International Conference, {SEC} 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings},
  year      = {2019},
  pages     = {223--237},
  month     = {06},
  doi       = {10.1007/978-3-030-22312-0_16},
  keywords  = {security, security management},
  url       = {https://doi.org/10.1007/978-3-030-22312-0_16},