What is it about?

Evaluating information security performance is crucial for managing it effectively within organizations. While qualitative measurement approaches have been widely used in the past, they can lead to ambiguous results. To overcome this, quantitative metrics are increasingly being proposed as a useful alternative. However, there is a shortage of literature on quantitative approaches, making it challenging to evaluate information security performance in organizational settings. The paper aims to validate a model for assessing the performance of information security management systems using a multidimensional socio-technical approach. The study was conducted in real-world settings among medium-sized enterprises in Slovenia. The results revealed that information security was strategically defined and compliant, but measures were primarily implemented at technical and operational levels, with strategic management being underdeveloped. The most significant issues were related to information resources and risk management, with information security measurement-related activities being particularly problematic.

Featured Image

Why is it important?

Although the enterprises possessed certain information security capabilities and recognized the importance of information security, their current practices made it difficult for them to keep up with the fast-paced technological and security trends. In conclusion, the study highlights the importance of evaluating information security performance using a multidimensional approach to identify areas that require improvement and enhance the overall effectiveness of information security management systems.


By using the proposed multidimensional socio-technical approach to assess information security performance in real-world scenarios, organizations can measure and evaluate the current state of their information security. This comprehensive assessment enables organizations to make rational and systematic decisions, aiming to develop efficient and cost-effective information security approaches while also maintaining a proactive stance and preparedness for future challenges.

Igor Bernik
University of Maribor Faculty of Criminal Justice and Security

Read the Original

This page is a summary of: A real-world information security performance assessment using a multidimensional socio-technical approach, PLoS ONE, September 2020, PLOS, DOI: 10.1371/journal.pone.0238739.
You can read the full text:



The following have contributed to this page