Information Security Maturity Model
Malik F. Saleh
Pages - 316 - 337     |    Revised - 01-07-2011     |    Published - 05-08-2011
Volume - 5   Issue - 3    |    Publication Date - July / August 2011
Maturity Model, Security Maturity Model, Security Measure, Security Self Study
To ensure security, it is important to build security into both the planning and the design phases and to adopt a security architecture which makes sure that regular and security-related tasks are deployed correctly. Security requirements must be linked to the business goals. We identified four domains that affect security at an organization, namely organization governance, organizational culture, the architecture of the systems, and service management. In order to identify and explore the strengths and weaknesses of a particular organization's security, a wide-ranging model has been developed. This model is proposed as an information security maturity model (ISMM), and it is intended as a tool to evaluate the ability of organizations to meet the objectives of security.
Dr. Malik F. Saleh
Prince Mohammad Bin Fahd University - Saudi Arabia