An assessment model of information security implementation levels

Mohd Asri Mohamad Stambul, Rozilawati Razali

Research output: Chapter in Book/Report/Conference proceedingConference contribution

16 Citations (Scopus)

Abstract

Information security is very important as it serves to protect an organisation from any threats and risks by ensuring the information is always safe to be accessed, reliable and confidentially protected. In order to ensure information security, organisations normally introduce policies and guidelines which are made available to all members. Despite this effort however, security threats on organisations' information still occur. One of the reasons is because organisations are not aware of the information security levels that they practise. This paper discusses a measurement model for assessing information security implementation levels in organisations. The model consists of three maturity levels that determine the degrees of which information security is addressed in an organisation. The levels contain several factors that are necessary for ensuring information security. The study used Systematic Literature Review (SLR) as the instruments to determine the appropriate measurement parameters. The identified parameters were combined with general models and measurement standards of information security. The model can be used by organisations to determine their levels of maturity in ensuring the security of their information. This enables them to improve their current information security practices.

Original languageEnglish
Title of host publicationProceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011
DOIs
Publication statusPublished - 2011
Event2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011 - Bandung
Duration: 17 Jul 201119 Jul 2011

Other

Other2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011
CityBandung
Period17/7/1119/7/11

Fingerprint

Security of data

Keywords

  • information security
  • maturity model
  • measurement
  • security level

ASJC Scopus subject areas

  • Information Systems
  • Electrical and Electronic Engineering

Cite this

Mohamad Stambul, M. A., & Razali, R. (2011). An assessment model of information security implementation levels. In Proceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011 [6021561] https://doi.org/10.1109/ICEEI.2011.6021561

An assessment model of information security implementation levels. / Mohamad Stambul, Mohd Asri; Razali, Rozilawati.

Proceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011. 2011. 6021561.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Mohamad Stambul, MA & Razali, R 2011, An assessment model of information security implementation levels. in Proceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011., 6021561, 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011, Bandung, 17/7/11. https://doi.org/10.1109/ICEEI.2011.6021561
Mohamad Stambul MA, Razali R. An assessment model of information security implementation levels. In Proceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011. 2011. 6021561 https://doi.org/10.1109/ICEEI.2011.6021561
Mohamad Stambul, Mohd Asri ; Razali, Rozilawati. / An assessment model of information security implementation levels. Proceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011. 2011.
@inproceedings{966227688a5d4637b9fabc4403b8424b,
title = "An assessment model of information security implementation levels",
abstract = "Information security is very important as it serves to protect an organisation from any threats and risks by ensuring the information is always safe to be accessed, reliable and confidentially protected. In order to ensure information security, organisations normally introduce policies and guidelines which are made available to all members. Despite this effort however, security threats on organisations' information still occur. One of the reasons is because organisations are not aware of the information security levels that they practise. This paper discusses a measurement model for assessing information security implementation levels in organisations. The model consists of three maturity levels that determine the degrees of which information security is addressed in an organisation. The levels contain several factors that are necessary for ensuring information security. The study used Systematic Literature Review (SLR) as the instruments to determine the appropriate measurement parameters. The identified parameters were combined with general models and measurement standards of information security. The model can be used by organisations to determine their levels of maturity in ensuring the security of their information. This enables them to improve their current information security practices.",
keywords = "information security, maturity model, measurement, security level",
author = "{Mohamad Stambul}, {Mohd Asri} and Rozilawati Razali",
year = "2011",
doi = "10.1109/ICEEI.2011.6021561",
language = "English",
isbn = "9781457707520",
booktitle = "Proceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011",

}

TY - GEN

T1 - An assessment model of information security implementation levels

AU - Mohamad Stambul, Mohd Asri

AU - Razali, Rozilawati

PY - 2011

Y1 - 2011

N2 - Information security is very important as it serves to protect an organisation from any threats and risks by ensuring the information is always safe to be accessed, reliable and confidentially protected. In order to ensure information security, organisations normally introduce policies and guidelines which are made available to all members. Despite this effort however, security threats on organisations' information still occur. One of the reasons is because organisations are not aware of the information security levels that they practise. This paper discusses a measurement model for assessing information security implementation levels in organisations. The model consists of three maturity levels that determine the degrees of which information security is addressed in an organisation. The levels contain several factors that are necessary for ensuring information security. The study used Systematic Literature Review (SLR) as the instruments to determine the appropriate measurement parameters. The identified parameters were combined with general models and measurement standards of information security. The model can be used by organisations to determine their levels of maturity in ensuring the security of their information. This enables them to improve their current information security practices.

AB - Information security is very important as it serves to protect an organisation from any threats and risks by ensuring the information is always safe to be accessed, reliable and confidentially protected. In order to ensure information security, organisations normally introduce policies and guidelines which are made available to all members. Despite this effort however, security threats on organisations' information still occur. One of the reasons is because organisations are not aware of the information security levels that they practise. This paper discusses a measurement model for assessing information security implementation levels in organisations. The model consists of three maturity levels that determine the degrees of which information security is addressed in an organisation. The levels contain several factors that are necessary for ensuring information security. The study used Systematic Literature Review (SLR) as the instruments to determine the appropriate measurement parameters. The identified parameters were combined with general models and measurement standards of information security. The model can be used by organisations to determine their levels of maturity in ensuring the security of their information. This enables them to improve their current information security practices.

KW - information security

KW - maturity model

KW - measurement

KW - security level

UR - http://www.scopus.com/inward/record.url?scp=80054014562&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80054014562&partnerID=8YFLogxK

U2 - 10.1109/ICEEI.2011.6021561

DO - 10.1109/ICEEI.2011.6021561

M3 - Conference contribution

AN - SCOPUS:80054014562

SN - 9781457707520

BT - Proceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011

ER -