ǂA ǂreal-world information security performance assessment using a multidimensional socio-technical approach
Povzetek
Measuring the performance of information security is an essential part of the information security management system within organisations. Studies in the past mainly focused on establishing qualitative measurement approaches. Since these can lead to ambiguous conclusions, quantitative metrics are being increasingly proposed as a useful alternative. Nevertheless, the literature on quantitative approaches remains scarce. Thus, studies on the evaluation of information security performance are challenging, especially since many approaches are not tested in organisational settings. The paper aims to validate the model used for evaluating the performance of information security management system through a multidimensional socio-technical approach, in a real-world settings among medium-sized enterprises in Slovenia. The results indicate that information security is strategically defined and compliant, however, measures are primarily implemented at technical and operational levels, while its strategic management remains underdeveloped. We found that the biggest issues are related to information resources and risk management, where information security measurement-related activities proved to be particularly problematic. Even though enterprises do possess certain information security capabilities and are aware of the importance of information security, their current practices make it difficult for them to keep up with the fast-paced technological and security trends.
Ključne besede
informacijska varnost;organizacije;učinkovitost;merjenje;varnostni menedžment;information security;information security management;organisations;qualitative measurement;
Podatki
| Jezik: | Angleški jezik |
|---|---|
| Leto izida: | 2020 |
| Tipologija: | 1.01 - Izvirni znanstveni članek |
| Organizacija: | UM FVV - Fakulteta za varnostne vede |
| Založnik: | Public Library of Science |
| UDK: | 004.056(045) |
| COBISS: |
27680003
|
| ISSN: | 1932-6203 |
| Št. ogledov: | 0 |
| Št. prenosov: | 0 |
| Ocena: | 0 (0 glasov) |
| Metapodatki: |
|
Ostali podatki
| Sekundarni jezik: | Slovenski jezik |
|---|---|
| Sekundarne ključne besede: | informacijska varnost;organizacije;učinkovitost;merjenje;varnostni menedžment; |
| Vrsta dela (COBISS): | Znanstveno delo |
| Strani: | 17 str. |
| Letnik: | ǂVol. ǂ15 |
| Zvezek: | ǂno. ǂ9 |
| Čas izdaje: | 2020 |
| DOI: | 10.1371/journal.pone.0238739 |
| ID: | 25859477 |
Priporočena dela:
ǂA ǂreal-world information security performance assessment using a multidimensional socio-technical approach
2020,
ni podatka o podnaslovu
Measuring information security performance with 10 by 10 model for holistic state evaluation
2016,
ni podatka o podnaslovu
Trendi informacijske varnosti v sodobni organizaciji
2014,
ni podatka o podnaslovu
Knjižnice in zagotavljanje informacijske varnosti v elektronskem okolju
2017,
magistrska naloga
Vzpostavitev sistema za upravljanje informacijske varnosti v organizaciji
2010,
ni podatka o podnaslovu