Skip to Main content Skip to Navigation
Conference papers

Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations

Abstract : This paper describes the development of an information security framework that aims to comparatively assess the quality of management processes in the context of cyber-security of organizations operating within critical infrastructure sectors. A design science approach was applied to establish a framework artifact that consists of the four dimensions “Security Ambition”, “Security Process”, “Resilience” and “Business Value”. These dimensions were related to the balanced scorecard concept and information security literature. The framework includes metrics, measurement approaches and aggregation methods. In its adapted form, our framework enables a systematic compilation of information security, and seeks to display the security situation of a focal firm against the desired future states, industry benchmarks, and allows for an investigation of interdependencies. The design science research process included workshops, cyclic refinements of the instrument, pretests and the framework evaluation within 30 critical infrastructure organizations. The framework was found to be particularly useful as learning and benchmarking tool capable of highlighting weaknesses, strengths, and gaps in relation to standards.
Complete list of metadata

Cited literature [35 references]  Display  Hide  Download

https://hal.inria.fr/hal-01630544
Contributor : Hal Ifip <>
Submitted on : Tuesday, November 7, 2017 - 5:27:27 PM
Last modification on : Thursday, March 5, 2020 - 4:47:45 PM
Long-term archiving on: : Thursday, February 8, 2018 - 2:51:29 PM

File

432749_1_En_10_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Edward Bernroider, Sebastian Margiol, Alfred Taudes. Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations. 10th International Conference on Research and Practical Issues of Enterprise Information Systems (CONFENIS), Dec 2016, Vienna, Austria. pp.127-141, ⟨10.1007/978-3-319-49944-4_10⟩. ⟨hal-01630544⟩

Share

Metrics

Record views

161

Files downloads

380