Abstract
There is a dearth of academic research literature on the practices and commitments of information security governance in organizations. Despite the existence of reference frameworks and standards for security governance, the research literature remains limited regarding organizational practices and, moreover, lacks a strategy and practical model to follow in adopting effective information security governance. This study proposes ISMGO, a practical maturity framework for information security governance and management in organizations. The findings will help organizations assess their capability maturity state and address the procedural, technical and human aspects of the information security governance and management process.
Appendix A
See Table A1.
Copyright information
© 2018 Springer International Publishing AG
Cite this paper
Maleh, Y., Sahid, A., Ezzati, A., Belaissaoui, M. (2018). A Capability Maturity Framework for IT Security Governance in Organizations. In: Abraham, A., Haqiq, A., Muda, A., Gandhi, N. (eds) Innovations in Bio-Inspired Computing and Applications. IBICA 2017. Advances in Intelligent Systems and Computing, vol 735. Springer, Cham. https://doi.org/10.1007/978-3-319-76354-5_20
DOI: https://doi.org/10.1007/978-3-319-76354-5_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76353-8
Online ISBN: 978-3-319-76354-5
eBook Packages: Engineering (R0)