MEASURING AND INDICATING THE LEVEL OF INFORMATION SECURITY – AN ANALYSIS OF CURRENT APPROACHES

Author(s): Michael Matthias Naumann, Andreea-Nicoleta Bichel, Andreea Bianca Ene, Dragos Bujor, Corina Georgiana Serban, Adela Jansen
Subject(s): Business Economy / Management, Security and defense, ICT Information and Communications Technologies
Published by: Asociaţia de Cooperare Cultural-Educaţională Suceava
Keywords: information security risks; key performance indicators; maturity level; metrics; security management systems

Summary/Abstract: In times of increasing digitalization of processes in companies, the topic of information security has become relevant for every industry. To address this, a standardization of information security through normative standards such as ISO/IEC 27001:2022 has been established to define requirements and to assess the conformity of management systems at regular intervals. However, practice shows that companies fulfil the requirements only at a minimum level and do not have a real overview of their security level or of the impact of existing risks. This paper evaluates how decision makers in companies currently interpret their security level using metrics. In this context, the relationship between the effectiveness and the conformity of their information security measures is shown and analyzed. Furthermore, this paper analyzes a selection of the most commonly used practices and frameworks for measuring and certifying information security systems. The results of this research show that there is a need for an overall security perspective, and a proposal on how a structured approach should be defined is included.

  • Issue Year: 12/2023
  • Issue No: 2
  • Page Range: 1-8
  • Page Count: 8
  • Language: English