What is it about?
Evaluating information security performance is crucial for managing it effectively within organizations. While qualitative measurement approaches have been widely used in the past, they can lead to ambiguous results. To overcome this, quantitative metrics are increasingly being proposed as a useful alternative. However, there is a shortage of literature on quantitative approaches, making it challenging to evaluate information security performance in organizational settings. The paper aims to validate a model for assessing the performance of information security management systems using a multidimensional socio-technical approach. The study was conducted in real-world settings among medium-sized enterprises in Slovenia. The results revealed that information security was strategically defined and compliant, but measures were primarily implemented at technical and operational levels, with strategic management being underdeveloped. The most significant issues were related to information resources and risk management, with information security measurement-related activities being particularly problematic.
Why is it important?
Although the enterprises possessed certain information security capabilities and recognized the importance of information security, their current practices made it difficult for them to keep up with the fast-paced technological and security trends. In conclusion, the study highlights the importance of evaluating information security performance using a multidimensional approach to identify areas that require improvement and enhance the overall effectiveness of information security management systems.
Read the Original
This page is a summary of: A real-world information security performance assessment using a multidimensional socio-technical approach, PLoS ONE, September 2020, PLOS, DOI: 10.1371/journal.pone.0238739.