Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation

Bernik, Igor; Prislan, Kaja

doi:10.1371/journal.pone.0163050

Cited by 32 publications

(24 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The aim is to validate the model used for evaluating the quality of ISMS, i.e. the Information Security Performance 10 by 10 Model (ISP 10×10M), that we proposed in [40]. The model may be used for internal evaluations aimed at establishing the key gaps of existing approaches adopted by organisations.…”

Section: Motivationmentioning

confidence: 99%

A real-world information security performance assessment using a multidimensional socio-technical approach

2020

Self Cite

View full text Add to dashboard Cite

Measuring the performance of information security is an essential part of the information security management system within organisations. Studies in the past mainly focused on establishing qualitative measurement approaches. Since these can lead to ambiguous conclusions, quantitative metrics are being increasingly proposed as a useful alternative. Nevertheless, the literature on quantitative approaches remains scarce. Thus, studies on the evaluation of information security performance are challenging, especially since many approaches are not tested in organisational settings. The paper aims to validate the model used for evaluating the performance of information security management system through a multidimensional socio-technical approach, in a real-world settings among medium-sized enterprises in Slovenia. The results indicate that information security is strategically defined and compliant, however, measures are primarily implemented at technical and operational levels, while its strategic management remains underdeveloped. We found that the biggest issues are related to information resources and risk management, where information security measurement-related activities proved to be particularly problematic. Even though enterprises do possess certain information security capabilities and are aware of the importance of information security, their current practices make it difficult for them to keep up with the fast-paced technological and security trends.

show abstract

Section: Motivationmentioning

confidence: 99%

A real-world information security performance assessment using a multidimensional socio-technical approach

2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…Nonetheless economic literature on the subject has been growing in recent years and shedding light on some important aspects of cyber security, including the drivers of organizations' investment in cyber security. According to various authors when determining the amounts of resources spent on cyber security and protection against cyber-attacks firms mainly focus on the aims of protecting customer data and privacy (Louis, Adrian & Evangelos, 2016), the protection of intellectual property, trade secrets or other business assets (Klahr et al, 2017), ensuring business continuity and preventing downtime (Bernik & Prislan, 2016), compliance with laws and regulations (Wakefield, 2012) and protecting the organization's reputation (Lloyd's, 2015).…”

Section: An Operator-centric Approachmentioning

confidence: 99%

Cyberattacks on Critical Infrastructure: an Economic Perspective

Lis¹,

Mendel²

2019

EBR

View full text Add to dashboard Cite

The aim of this article is to analyze the economic aspects of cybersecurity of critical infrastructure defined as physical or virtual systems and assets that are vital to a country's functioning and whose incapacitation or destruction would have a debilitating impact on national, economic, military and public security. The functioning of modern states, firms and individuals increasingly relies on digital or cyber technologies and this trend has also materialized in various facets of critical infrastructure. Critical infrastructure presents a new cybersecurity area of attacks and threats that requires the attention of regulators and service providers. Deploying critical infrastructure systems without suitable cybersecurity might make them vulnerable to intrinsic failures or malicious attacks and result in serious negative consequences. In this article a fuller view of costs and losses associated with cyberattacks that includes both private and external (social) costs is proposed. An application of the cost-benefit analysis or the Return on Security Investment (ROSI) indicator is presented to evaluate the worthiness of cybersecurity efforts and analyze the costs associated with some major cyberattacks in recent years. The "Identify, Protect, Detect, Respond and Recover" (IPDRR) framework of organizing cybersecurity efforts is also proposed as well as an illustration as to how the blockchain technology could be utilized to improve security and efficiency within a critical infrastructure.

show abstract

“…Information Security Performance is about to ensure that three aspects of information security above at acceptable condition, within the company. Company must have objective and goal of information security performance, and assess their current condition whether it is aligned with the goal [16]. Assessing current condition will determine the gap with information security objective (if any) and guide us to fill the gap.…”

Section: A Information Security Performancementioning

confidence: 99%

Improving Information Security Performance: The Role of Management Support and Security Operation Center

Atmojo¹,

Prabowo²,

So³

et al. 2019

IJRTE

View full text Add to dashboard Cite

The implementation of Information Technology (IT) in any aspects of business has change the landscape of business. Specifically, IT has made significant and major changes in banking industry, especially on the way people do business with bank. Beside as business enabler, IT now become a major tool for bank to win the competition. With the strategic role of IT in banking industry, there is a risk from security point of view. The new sophisticated and advanced kind of attack drive to higher impact for banks. Beside direct loss caused by successful attack, there is also loss caused by image damage and sanction from regulatory. With many initiatives can be done to improve Information Security condition, banking need to prioritize the initiative that has most significant impact. Management support on information security is cited by many literatures as basic requirement for improving Information Security condition. Security Operation Center also proposed as initiatives to enhance the capability of detection and response to attack. This research tries to empirically find out the impact of Management Support to information security performance and the role of Security Operation Center on mediating both variables. Data are gathered from banks in Indonesia using survey methodology through questionnaire answered by qualified respondents. The sample design used is a probability sample with disproportionate stratified random sampling and analyzed using Structural Equation Modeling -Partial Least Square. This paper shows that management support has significant impact on improving Information Security condition in banking industry. It also concludes that SOC has complimentary mediation of relationship between management support and information security performance. Practically, result of this research can be foundation for company that wants to focus on factors that significantly impact security performance, while theoretically confirmed previous studies on the role of management support.

show abstract

Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation

Cited by 32 publications

References 44 publications

A real-world information security performance assessment using a multidimensional socio-technical approach

A real-world information security performance assessment using a multidimensional socio-technical approach

Cyberattacks on Critical Infrastructure: an Economic Perspective

Improving Information Security Performance: The Role of Management Support and Security Operation Center

Contact Info

Product

Resources

About