Measuring information security performance with 10 by 10 model for holistic state evaluation
Abstract
Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.
Keywords
informacijska varnost;organizacije;učinkovitost;merjenje;varnostni menedžment;
Data
| Language: | English |
|---|---|
| Year of publishing: | 2016 |
| Typology: | 1.01 - Original Scientific Article |
| Organization: | UM FVV - Faculty of Criminal Justice |
| UDC: | 004.056 |
| COBISS: |
3174634
|
| ISSN: | 1932-6203 |
| Views: | 1027 |
| Downloads: | 409 |
| Average score: | 0 (0 votes) |
| Metadata: |
|
Other data
| Secondary language: | Slovenian |
|---|---|
| Secondary keywords: | informacijska varnost;organizacije;učinkovitost;merjenje;varnostni menedžment; |
| URN: | URN:SI:UM: |
| Type (COBISS): | Scientific work |
| Pages: | 33 str. |
| Volume: | ǂVol. ǂ11 |
| Issue: | ǂno. ǂ9 |
| Chronology: | 2016 |
| DOI: | 10.1371/journal.pone.0163050 |
| ID: | 10843436 |
Recommended works:
Measuring information security performance with 10 by 10 model for holistic state evaluation
2016,
no subtitle data available
Trendi informacijske varnosti v sodobni organizaciji
2014,
no subtitle data available
Večkriterijski model učinkovitosti informacijske varnosti v organizacijah
2016,
doktorska disertacija
Evalvacija kvalitete merjenja zavedanja informacijske varnosti
2019,
diplomsko delo
Information security related to the use of mobile devices in Slovene enterprises
2014,
no subtitle data available