Printed from https://ideas.repec.org/a/rom/conase/v6y2024i1p221-230.html

Approach of Determining Process Maturity in Information Security Management Systems

Authors

  • Michael Matthias NAUMANN (Bucharest University of Economic Studies, Bucharest, Romania)
  • Fabian PITZ (Bucharest University of Economic Studies, Bucharest, Romania)
  • Georg Sven LAMPE (Bucharest University of Economic Studies, Bucharest, Romania)
  • Stelian Mircea OLARU (Bucharest University of Economic Studies, Bucharest, Romania)

Abstract

The need in companies to be compliant with their business processes and to identify and minimise possible risks is an essential task today. Thus, the consideration of the process maturity for management systems of companies is an important approach to see immediately the status of processes as well as implemented requirements. By leveraging maturity levels, numbers and metrics provide a quick look at the overall condition and can be used to derive both measures and compliance with requirements. When looking at an information security management system (ISMS), there is a lack of a general process view and evaluation based on it, and thus also a holistic view beyond the detailed requirements and hard facts. The intention of the paper is to look at the status of existing, industry-specific maturity approaches for information security management systems and to analyse the possibilities for adaptation. Furthermore, based on the evaluation, a maturity model for the ISMS will be proposed to ensure key figures for the companies over time regarding the minimum requirements and certification conformity. A mapping to standards such as CMMI for the classification of the maturity level and the consideration of similar solutions and implementations will be considered. The paper is intended to show the possibility to use a concept to enable the calculation of a percentage maturity level for the representation of the information security level in the company and to make the resulting risks in information security visible. The results of this research show that the proposed approach for a unified method will help to report the maturity of information security management system processes in combination with conformity and security risk for the decision makers in companies.

Suggested Citation

  • Michael Matthias NAUMANN & Fabian PITZ & Georg Sven LAMPE & Stelian Mircea OLARU, 2024. "Approach of Determining Process Maturity in Information Security Management Systems," PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON ECONOMICS AND SOCIAL SCIENCES, Bucharest University of Economic Studies, Romania, vol. 6(1), pages 221-230, August.
  • Handle: RePEc:rom:conase:v:6:y:2024:i:1:p:221-230

    Download full text from publisher

    File URL: https://www.icess.ase.ro/approach-of-determining-process-maturity-in-information-security-management-systems/
    Download Restriction: no

    More about this item

    Keywords

    process maturity level; information security management system; maturity level assessment

    JEL classification:

    • D81 - Microeconomics - - Information, Knowledge, and Uncertainty - - - Criteria for Decision-Making under Risk and Uncertainty
    • L15 - Industrial Organization - - Market Structure, Firm Strategy, and Market Performance - - - Information and Product Quality
    • L21 - Industrial Organization - - Firm Objectives, Organization, and Behavior - - - Business Objectives of the Firm
    • M15 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Business Administration - - - IT Management
    • M42 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Accounting - - - Auditing
    • O33 - Economic Development, Innovation, Technological Change, and Growth - - Innovation; Research and Development; Technological Change; Intellectual Property Rights - - - Technological Change: Choices and Consequences; Diffusion Processes
