This is an Open Access publication published under CSC-OpenAccess Policy.

Information Security Maturity Model
Malik F. Saleh
Pages - 316 - 337     |    Revised - 01-07-2011     |    Published - 05-08-2011
Volume - 5   Issue - 3    |    Publication Date - July / August 2011
KEYWORDS
Maturity Model, Security Maturity Model, Security Measure, Security Self Study
ABSTRACT
To ensure security, it is important to build security into both the planning and the design phases and to adapt a security architecture which makes sure that regular and security-related tasks are deployed correctly. Security requirements must be linked to the business goals. We identified four domains that affect security at an organization, namely organization governance, organizational culture, the architecture of the systems, and service management. In order to identify and explore the strengths and weaknesses of a particular organization's security, a wide-range model has been developed. This model is proposed as an information security maturity model (ISMM), and it is intended as a tool to evaluate the ability of organizations to meet the objectives of security.
CITED BY (12)  
1 ESTEDLAL, M. M. (2015). Introduction and Evaluation of Computer Security Incident Response Team (CSIRT) in Organizations. Cumhuriyet Science Journal, 36(6), 246-253.
2 Je, Y. M., You, Y. Y., & Na, K. S. Information Security Evaluation Using Multi-Attribute Threat Index. Wireless Personal Communications, 1-13.
3 Banerjee, C., & Banerjee, A. IT security practices in an organization: balancing technology and management perspective. editorial board chief bebefactor, 495, 506.
4 El Mekawy, M., AlSabbagh, B., & Kowalski, S. (2014). The Impact of Business-IT Alignment on Information Security Process. In HCI in Business (pp. 25-36). Springer International Publishing.
5 Kirongo, N. N. (2014). A Video Conferencing Security Framework For Synchronous Elearning (Doctoral dissertation).
6 Elmir, A., Elmir, B., & Bounabat, B. (2013). Towards an Assessment-oriented Model for External Information System Quality Characterization. arXiv preprint arXiv:1310.8111.
7 Könst, W. J. (2013). Usability of Networked Information.
8 Elmir, A., Elmir, B., & Bounabat, B. (2013, November). Multi-facet quality assessment of process driven services in collaborative networks. In ISKO-Maghreb, 2013 3rd International Symposium (pp. 1-7). IEEE.
9 Rebolledo, M. D. Optimización de la ruta de cumplimiento de un estándar de Seguridad de la Información.
10 Tuomela, M. J. 1. Tietoturvallisuuden mittaaminen.
11 Saleh, M. F. (2011). The Three Dimensions of Security. International Journal of Security (IJS), 5(2), 85.
12 M. F. Saleh, “The Three Dimensions of Security”, International Journal of Security (IJS), 5(2), pp. 85 – 93, 2011.
Dr. Malik F. Saleh
Prince Mohammad Bin Fahd University - Saudi Arabia
msaleh@pmu.edu.sa