| | SLO | ENG | Cookies and privacy

Bigger font | Smaller font

Show document

Title:Measuring information security performance with 10 by 10 model for holistic state evaluation
Authors:Bernik, Igor (Author)
Prislan, Kaja (Author)
Files:.pdf PLOS_ONE_2016_Bernik,_Prislan_Measuring_Information_Security_Performance_with_10_by_10_Model_for_Holistic_State_Evaluation.PDF (2,92 MB)
URL http://dx.plos.org/10.1371/journal.pone.0163050
Work type:Scientific work (r2)
Typology:1.01 - Original Scientific Article
Organization:FVV - Faculty of Criminal Justice and Security
Abstract:Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.
Keywords:information security, organizations, efficiency, measuring, security management
Year of publishing:2016
Number of pages:str. 1-33
Numbering:št. 9, Letn. 11
ISSN on article:1932-6203
COBISS_ID:3174634 Link is opened in a new window
DOI:10.1371/journal.pone.0163050 Link is opened in a new window
License:CC BY 4.0
This work is available under this license: Creative Commons Attribution 4.0 International
Average score:(0 votes)
Your score:Voting is allowed only for logged in users.
AddThis uses cookies that require your consent. Edit consent...

Hover the mouse pointer over a document title to show the abstract or click on the title to get all document metadata.

Record is a part of a journal

Title:PloS ONE
Publisher:Public Library of Science
COBISS.SI-ID:2005896 New window

Secondary language

Keywords:informacijska varnost, organizacije, učinkovitost, merjenje, varnostni menedžment


Leave comment

You have to log in to leave a comment.

Comments (0)
0 - 0 / 0
There are no comments!

Logos of partners University of Maribor University of Ljubljana University of Primorska University of Nova Gorica