MEASURING AND INDICATING THE LEVEL OF INFORMATION SECURITY – AN ANALYSIS OF CURRENT APPROACHES
Abstract
Keywords
This work is licensed under a Creative Commons Attribution 3.0 License.