Igor Bernik (Avtor), Kaja Prislan (Avtor)

Povzetek

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

Ključne besede

informacijska varnost;organizacije;učinkovitost;merjenje;varnostni menedžment;

Podatki

Jezik: Angleški jezik
Leto izida:
Tipologija: 1.01 - Izvirni znanstveni članek
Organizacija: UM FVV - Fakulteta za varnostne vede
UDK: 004.056
COBISS: 3174634 Povezava se bo odprla v novem oknu
ISSN: 1932-6203
Št. ogledov: 1027
Št. prenosov: 409
Ocena: 0 (0 glasov)
Metapodatki: JSON JSON-RDF JSON-LD TURTLE N-TRIPLES XML RDFA MICRODATA DC-XML DC-RDF RDF

Ostali podatki

Sekundarni jezik: Slovenski jezik
Sekundarne ključne besede: informacijska varnost;organizacije;učinkovitost;merjenje;varnostni menedžment;
URN: URN:SI:UM:
Vrsta dela (COBISS): Znanstveno delo
Strani: 33 str.
Letnik: ǂVol. ǂ11
Zvezek: ǂno. ǂ9
Čas izdaje: 2016
DOI: 10.1371/journal.pone.0163050
ID: 10843436