Igor Bernik (Author), Kaja Prislan (Author)

Abstract

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

Keywords

informacijska varnost;organizacije;učinkovitost;merjenje;varnostni menedžment;

Data

Language: English
Year of publishing:
Typology: 1.01 - Original Scientific Article
Organization: UM FVV - Faculty of Criminal Justice
UDC: 004.056
COBISS: 3174634 Link will open in a new window
ISSN: 1932-6203
Views: 1027
Downloads: 409
Average score: 0 (0 votes)
Metadata: JSON JSON-RDF JSON-LD TURTLE N-TRIPLES XML RDFA MICRODATA DC-XML DC-RDF RDF

Other data

Secondary language: Slovenian
Secondary keywords: informacijska varnost;organizacije;učinkovitost;merjenje;varnostni menedžment;
URN: URN:SI:UM:
Type (COBISS): Scientific work
Pages: 33 str.
Volume: ǂVol. ǂ11
Issue: ǂno. ǂ9
Chronology: 2016
DOI: 10.1371/journal.pone.0163050
ID: 10843436