Title
A Structured Comparison Of The Corporate Information Security Maturity Level
Abstract
Generally, measuring the information security maturity is the first step to build a knowledge information security management system in an organization. Unfortunately, it is not possible to measure information security directly. Thus, in order to get an estimate, one has to find reliable measurements. One way to assess information security is by applying a maturity model and assess the level of controls. This does not need to be equivalent to the level of security. Nevertheless, evaluating the level of information security maturity in companies has been a major challenge for years. Although many studies have been conducted to address these challenges, there is still a lack of research to properly analyze these assessments. The primary objective of this study is to show how to use the analytic hierarchy process (AHP) to compare the information security controls' level of maturity within an industry in order to rank different companies. To validate the approach of this study, we used real information security data from a large international media and technology company.
Year: 2019
DOI: 10.1007/978-3-030-22312-0_16
Venue: ICT SYSTEMS SECURITY AND PRIVACY PROTECTION, SEC 2019
Keywords: Information security, Information security management, ISO 27001, Analytic hierarchy process, Information security controls, Capability maturity model, Security maturity model, Security metrics framework
Field: Security controls, Computer science, Computer security, Information security, Capability Maturity Model, Information security management, Information security management system, Analytic hierarchy process
DocType: Conference
Volume: 562
ISSN: 1868-4238
Citations: 0
PageRank: 0.34
References: 0
Authors: 2
Name
Order
Citations
PageRank
Michael Schmid100.34
Sebastian Pape21710.95