Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations

Abstract: This paper describes the development of an information security framework that aims to comparatively assess the quality of management processes in the context of cyber-security of organizations operating within critical infrastructure sectors. A design science approach was applied to establish a framework artifact that consists of the four dimensions “Security Ambition”, “Security Process”, “Resilience” and “Business Value”. These dimensions were related to the balanced scorecard concept and information security literature. The framework includes metrics, measurement approaches and aggregation methods. In its adapted form, our framework enables a systematic compilation of information security, seeks to display the security situation of a focal firm against desired future states and industry benchmarks, and allows for an investigation of interdependencies. The design science research process included workshops, cyclic refinements of the instrument, pretests and the framework evaluation within 30 critical infrastructure organizations. The framework was found to be particularly useful as a learning and benchmarking tool capable of highlighting weaknesses, strengths, and gaps in relation to standards.
Document type:
Conference paper
A Min Tjoa; Li Da Xu; Maria Raffai; Niina Maarit Novak. 10th International Conference on Research and Practical Issues of Enterprise Information Systems (CONFENIS), Dec 2016, Vienna, Austria. Springer International Publishing, Lecture Notes in Business Information Processing, LNBIP-268, pp.127-141, 2016, Research and Practical Issues of Enterprise Information Systems. 〈10.1007/978-3-319-49944-4_10〉
Cited literature [42 references]

https://hal.inria.fr/hal-01630544
Contributor: Hal Ifip
Submitted on: Tuesday, November 7, 2017 - 17:27:27
Last modified on: Thursday, November 9, 2017 - 01:16:29

File

Restricted access
File visible on: 2019-01-01

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Edward Bernroider, Sebastian Margiol, Alfred Taudes. Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations. A Min Tjoa; Li Da Xu; Maria Raffai; Niina Maarit Novak. 10th International Conference on Research and Practical Issues of Enterprise Information Systems (CONFENIS), Dec 2016, Vienna, Austria. Springer International Publishing, Lecture Notes in Business Information Processing, LNBIP-268, pp.127-141, 2016, Research and Practical Issues of Enterprise Information Systems. 〈10.1007/978-3-319-49944-4_10〉. 〈hal-01630544〉

Metrics

Record views

8