Abstract
Information Security (IS) is a concept that is related to protecting a set of data in order to preserve the value it has for an individual or an organization. A review of the literature shows there are four main aspects related to IS: confidentiality, integrity, availability and non-repudiation. Based on these four aspects, a new framework is put forward for analyzing the information security maturity model (ISMM) in an organization, assuming that each organization has a minimum level of information security policies in each aspect, taking into consideration the percentage of policies that this organization has from all those cited in our model. At the end, a case study was conducted in order to analyze the ISMM of a public and private sector company.
Recommended Citation
Silva, Lucio; Poleto, Thiago; Moura, Jadielson; and Paula Costa, Ana, "An Analysis of and Perspective on the Information Security Maturity Model: a case study of a Public and a Private Sector Company" (2012). AMCIS 2012 Proceedings. 11.
https://aisel.aisnet.org/amcis2012/proceedings/PerspectivesIS/11
An Analysis of and Perspective on the Information Security Maturity Model: a case study of a Public and a Private Sector Company
Information Security (IS) is a concept that is related to protecting a set of data in order to preserve the value it has for an individual or an organization. A review of the literature shows there are four main aspects related to IS: confidentiality, integrity, availability and non-repudiation. Based on these four aspects, a new framework is put forward for analyzing the information security maturity model (ISMM) in an organization, assuming that each organization has a minimum level of information security policies in each aspect, taking into consideration the percentage of policies that this organization has from all those cited in our model. At the end, a case study was conducted in order to analyze the ISMM of a public and private sector company.