Quotation Bernroider, Edward, Margiol, Sebastian, Taudes, Alfred. 2016. Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations. In Research and Practical Issues of Enterprise Information Systems - CONFENIS 2016, ed. A Min Tjoa, Li Da Xu, Maria Raffai, Niina Maarit Novak, 127-141. Vienna: Springer Lecture Notes in Business Information Processing (LNBIP).


Abstract

This paper describes the development of an information security framework that aims to comparatively assess the quality of management processes in the context of cyber-security of organizations operating within critical infrastructure sectors. A design science approach was applied to establish a framework artifact that consists of the four dimensions “Security Ambition”, “Security Process”, “Resilience” and “Business Value”. These dimensions were related to the balanced scorecard concept and information security literature. The framework includes metrics, measurement approaches and aggregation methods. In its adapted form, our framework enables a systematic compilation of information security, and seeks to display the security situation of a focal firm against the desired future states, industry benchmarks, and allows for an investigation of interdependencies. The design science research process included workshops, cyclic refinements of the instrument, pretests and the framework evaluation within 30 critical infrastructure organizations. The framework was found to be particularly useful as a learning and benchmarking tool capable of highlighting weaknesses, strengths, and gaps in relation to standards.

Publication's profile

Status of publication Published
Affiliation WU
Type of publication Contribution to conference proceedings
Language English
Title Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations
Title of whole publication Research and Practical Issues of Enterprise Information Systems - CONFENIS 2016
Editor A Min Tjoa, Li Da Xu, Maria Raffai, Niina Maarit Novak
Page from 127
Page to 141
Location Vienna
Publisher Springer Lecture Notes in Business Information Processing (LNBIP)
Year 2016
ISBN 978-3-319-49943-7
URL http://link.springer.com/chapter/10.1007/978-3-319-49944-4_10

Associations

People
Bernroider, Edward
Margiol, Sebastian
Taudes, Alfred
Organization
Information Systems and Operations DP
Research Institute for Computational Methods FI
Institute for Information Management and Control IN
Research areas (ÖSTAT Classification 'Statistik Austria')
5367 Management information systems