Abstract
Information security is becoming increasingly important for most organisations, as it can add real value by facilitating interaction with trading partners, enabling closer customer relationships, and enabling new and easier ways to process electronic transactions that result in a competitive advantage. However, this enhanced business performance comes with increased risk: in 2018, for example, information security breaches totalled 1,244 and affected more than 446 million records (Identity Theft Resource Centre (ITRC), 2018). Due to the sensitive nature of customer data, the recent legislative changes around how data is handled (e.g. GDPR) and the mounting information security risks, it is critical for organisations to have a robust and reliable information security system in place. The information security system and its associated strategies should not just react to information security incidents, but protect the data, and anticipate and seek to prevent attacks from cyber criminals. A robust information security system should incorporate the inventory and monitoring of information, and manage how the data is captured, stored, used, handled, and transmitted internally, in data centres, in the cloud, and across the network. This paper proposes a capability approach for the management of information security that encapsulates the management and control of the integrity, confidentiality, accountability, usability, and availability of information. The paper presents a conceptual model and assessment tool, developed via an open innovation and collaborative research approach, that an organisation can use to understand and assess the maturity of its information security. The conceptual model uses a holistic and systematic approach and is designed to provide real value to organisations by enabling them to drive improvements in the management of their information security, to maximise the potential benefits and to minimise or alleviate any risks.
© 2019, Curran Associates Inc. All rights reserved.
Original language | Undefined |
---|---|
Title of host publication | European Conference on Information Warfare and Security, ECCWS |
Pages | 97-105 |
Number of pages | 8 |
ISBN (Electronic) | 978-191276428-0 |
Publication status | Published (in print/issue) - 31 Jul 2019 |
Event | European Conference on Information Warfare and Security - Coimbra Duration: 4 Jul 2019 → 5 Jul 2019 |
Conference
Conference | European Conference on Information Warfare and Security |
---|---|
Abbreviated title | ECCWS 2019 |
Period | 4/07/19 → 5/07/19 |
Keywords
- Information security (InfoSec)
- Information security management
- Information security management system (ISMS)