Empirical Study on the State of Practice of Information Security Management in Local Government

Moses, Frank; Sandkuhl, Kurt; Kemmerich, Thomas

doi:10.1007/978-981-19-3455-1_2

Cited by 2 publications

(8 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…More concretely, we conducted a survey among SPSOs and analyzed audit reports of their activities in information security management. The detailed results of these steps are available in [8] and can be summarized as follows:…”

Section: Problem Investigation and Relevancementioning

confidence: 99%

“…ISMS-Organization [16], [24] 7. Risk Management [25], [8], [23], [26], [27], [24], [21] 8. Education Level of Employees [17], [28], [29], [26], [30] 9.…”

Section: Factor / Requirementmentioning

confidence: 99%

“…Outsourcing Quota [42] 26. Improvement process [8] 27. Individual Attitude (Culture) [22], [32], [36] 28.…”

Section: Definition Of Measures and Theirmentioning

confidence: 99%

“…Concrete Measures of Security Strategies [35] 33. Continuous Improvement [37], [8] 34. Loss of Control [42], [30] 35.…”

Section: Definition Of Measures and Theirmentioning

confidence: 99%

“…Policies [16], [17], [31], [33], [37], [38], [46]- [48] 38. Management attention [8], [33] 39. Integration of the Management into the Security Process [37], [36] 40.…”

Section: Definition Of Measures and Theirmentioning

confidence: 99%

See 4 more Smart Citations

Information Security Management in Small Public Sector Organizations: Requirements and Design of a Procedural Approach

Moses,

Sandkuhl

2023

J. Complex Syst. Inform. Model. Q.

View full text Add to dashboard Cite

The increasing digitalization of enterprises and public authorities has resulted in the growing importance of information technology in everyday operations. In this context, an information security management system (ISMS) has become an essential aspect for most organizations. The dependency on technology for almost every single process in an organization has put ISMS at the top of the corporate agenda of public sector organizations. For public organizations in particular, the NIS 2 Directive describes abstract requirements for the development of an ISMS. On the other hand, only a few public administrations operate an ISMS. In this context, this article analyses the requirements of the NIS-2 Directive and complements them with the obstacles and reasons for success in the introduction of ISMS in small public sector organizations (SPSO). At the same time, minimum requirements should be defined that help municipal administration set up an ISMS quickly and easily. This article summarizes the different requirements and generates a foundation for a rough procedural model, for implementing the upcoming requirements of the NIS 2 Directive in local governments. The article also presents the conceptual design of the procedural model.

show abstract

Section: Problem Investigation and Relevancementioning

confidence: 99%

“…ISMS-Organization [16], [24] 7. Risk Management [25], [8], [23], [26], [27], [24], [21] 8. Education Level of Employees [17], [28], [29], [26], [30] 9.…”

Section: Factor / Requirementmentioning

confidence: 99%

“…Outsourcing Quota [42] 26. Improvement process [8] 27. Individual Attitude (Culture) [22], [32], [36] 28.…”

Section: Definition Of Measures and Theirmentioning

confidence: 99%

“…Concrete Measures of Security Strategies [35] 33. Continuous Improvement [37], [8] 34. Loss of Control [42], [30] 35.…”

Section: Definition Of Measures and Theirmentioning

confidence: 99%

“…Policies [16], [17], [31], [33], [37], [38], [46]- [48] 38. Management attention [8], [33] 39. Integration of the Management into the Security Process [37], [36] 40.…”

Section: Definition Of Measures and Theirmentioning

confidence: 99%

See 3 more Smart Citations