Bernroider, Edward, Margiol, Sebastian, Taudes, Alfred. 2016. Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations. In Research and Practical Issues of Enterprise Information Systems - CONFENIS 2016, Hrsg. A Min Tjoa, Li Da Xu, Maria Raffai, Niina Maarit Novak, 127-141. Vienna: Springer Lecture Notes in Business Information Processing (LNBIP).
This paper describes the development of an information security framework that aims to comparatively assess the quality of management processes in the context of cyber-security of organizations operating within critical infrastructure sectors. A design science approach was applied to establish a framework artifact that consists of the four dimensions “Security Ambition”, “Security Process”, “Resilience” and “Business Value”. These dimensions were related to the balanced scorecard concept and information security literature. The framework includes metrics, measurement approaches and aggregation methods. In its adapted form, our framework enables a systematic compilation of information security, and seeks to display the security situation of a focal firm against the desired future states, industry benchmarks, and allows for an investigation of interdependencies. The design science research process included workshops, cyclic refinements of the instrument, pretests and the framework evaluation within 30 critical infrastructure organizations. The framework was found to be particularly useful as learning and benchmarking tool capable of highlighting weaknesses, strengths, and gaps in relation to standards.
|Status of publication||Published|
|Type of publication||Contribution to conference proceedings|
|Title||Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations|
|Title of whole publication||Research and Practical Issues of Enterprise Information Systems - CONFENIS 2016|
|Editor||A Min Tjoa, Li Da Xu, Maria Raffai, Niina Maarit Novak|
|Publisher||Springer Lecture Notes in Business Information Processing (LNBIP)|
- Bernroider, Edward (Details)
- Margiol, Sebastian (Details)
- Taudes, Alfred (Details)
- Information Systems and Operations DP (Details)
- Research Institute for Computational Methods FI (Details)
- Institute for Information Management and Control IN (Details)
- Research areas (ÖSTAT Classification 'Statistik Austria')
- 5367 Management information systems (Details)