Towards Rule-based Information Security Maturity.
Degree: 2015, Universiteit Utrecht
There is a growing need for information security. Not complying with the demand for high-level information security will affect the market position of an organization. Using an information security maturity model can help organizations visualize and identify the steps that need to be taken in order to mature. Maturity in the field of security indicates the degree of development and the strength of the organization’s security measures to mitigate risks that threaten its assets.
Unfortunately, one maturity model does not fit all organizations, because organizations have different organizational profiles. According to previous research, eleven organizational characteristics affect information security; for example, a financial institution requires different security measures than a bakery. It is necessary to have a well-fitted information security maturity model for every organizational profile in order to support the organization.
According to research, the organizational characteristics affect a special kind of maturity model, the focus area maturity model. This type of model consists of focus areas, or aspects, in a certain domain and uses capabilities (improvement actions taken in order to reach a level of maturity) to assess whether a maturity level has been reached. Although it is clear that organizational characteristics affect the focus area level of the model, it is not clear what happens on the capability level. The research at hand has been set up to study the effects of a selection of the identified organizational characteristics on the capability level of the focus area maturity model in the information security domain. In order to do this, the existing Information Security Focus Area Maturity (ISFAM) model for SMEs is used, and the effects on the ISFAM model are researched based on the experience of information security experts. The experts were selected based on their knowledge and experience in the information security domain in different types of organizations.
Looking at previous research, it is expected that the organizational characteristics have an effect on the capability level of the ISFAM model. In order to handle these effects, the rule-based approach is used in the research. The rule-based approach makes it possible to use rules (any bit of knowledge that can be expressed as: when ‘something’ is true, then do ‘this’) in a rule-based system (a system using rules), so that non-programmers can make adjustments to a maturity model based on the organizational profile, in order to create a more fitting model for the organization. Although the rule-based approach has been used in other information security maturity models, the combination of the rule-based approach and a focus area maturity model has not been done before.
During the research, however, the interviewed information security experts did not find effects on the lower levels of the ISFAM model. According to the experts, the improvement actions in the ISFAM model to reach a certain maturity level are too generically…
Advisors/Committee Members: Spruit, Marco, Bex, Floris.
Subjects/Keywords: Organizational Characteristics; Number of Employees; Revenue; Sector; Information Security; Focus Area Maturity Model; ISFAM; Rule-based Approach.
APA (6th Edition):
Slot, G. C. A. (2015). Towards Rule-based Information Security Maturity. (Masters Thesis). Universiteit Utrecht. Retrieved from http://dspace.library.uu.nl:8080/handle/1874/315919