SECURWARE 2016, The Tenth International Conference on Emerging Security Information, Systems and Technologies


Information Security Maturity as an Integral Part of ISMS based Risk Management Tools

Authors:
Ben Fetler
Carlo Harpes

Keywords: Information Security Management System; Maximal Efficiency Rate; Return On Security Maturity Investment; Information Security Risk Analysis; Security Maturity.

Abstract:
Measuring the continuous improvement of Information Security Management Systems (ISMS) is often neglected, as most organizations do not know how to extract key indicators that could be used for this purpose. This work presents a six-level maturity model which can be fully integrated into a risk management tool and helps to define key indicators for measuring the improvement of an ISMS. Furthermore, the proposed model establishes how far an increase of maturity can help to mitigate information security risks. Finally, a cost-benefit equation is presented which can be used to quantitatively justify increasing the maturity of an ISMS and to establish an action plan for increasing that maturity.

Pages: 295 to 298

Copyright: Copyright (c) IARIA, 2016

Publication date: July 24, 2016

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-493-0

Location: Nice, France

Dates: from July 24, 2016 to July 28, 2016