Information Security Maturity as an Integral Part of ISMS based Risk Management Tools

Title: Information Security Maturity as an Integral Part of ISMS based Risk Management Tools
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Fetler B., Harpes C.
Conference Name: SECURWARE 2016, The Tenth International Conference on Emerging Security Information, Systems and Technologies, Nice, France
Date Published: July
Publisher: Xpert Publishing Services
Conference Location: Nice, France
Abstract:

Measuring the continuous improvement of Information Security Management Systems (ISMS) is often neglected, as most organizations do not know how to extract key indicators that could be used for this purpose. This work presents a six-level maturity model that can be fully integrated into a risk management tool and helps to define key indicators for measuring the improvement of an ISMS. Furthermore, the proposed model establishes how far an increase in maturity can help to mitigate information security risks. Finally, a cost-benefit equation is presented that can be used to quantitatively justify increasing the maturity of an ISMS and to establish an action plan for doing so.

URL: http://www.thinkmind.org/index.php?view=article&articleid=securware_2016_14_30_30228