Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations

Publikation: Beitrag in Buch/KonferenzbandBeitrag in Konferenzband


This paper describes the development of an information security framework that aims to comparatively assess the quality of management processes in the context of cyber-security of organizations operating within critical infrastructure sectors. A design science approach was applied to establish a framework artifact that consists of the four dimensions “Security Ambition”, “Security Process”, “Resilience” and “Business Value”. These dimensions were related to the balanced scorecard concept and information security literature. The framework includes metrics, measurement approaches and aggregation methods. In its adapted form, our framework enables a systematic compilation of information security, and seeks to display the security situation of a focal firm against the desired future states, industry benchmarks, and allows for an investigation of interdependencies. The design science research process included workshops, cyclic refinements of the instrument, pretests and the framework evaluation within 30 critical infrastructure organizations. The framework was found to be particularly useful as learning and benchmarking tool capable of highlighting weaknesses, strengths, and gaps in relation to standards.
Titel des SammelwerksResearch and Practical Issues of Enterprise Information Systems - CONFENIS 2016
Herausgeber*innen A Min Tjoa, Li Da Xu, Maria Raffai, Niina Maarit Novak
VerlagSpringer Lecture Notes in Business Information Processing (LNBIP)
Seiten127 - 141
ISBN (Print)978-3-319-49943-7
PublikationsstatusVeröffentlicht - 2016

Österreichische Systematik der Wissenschaftszweige (ÖFOS)

  • 502050 Wirtschaftsinformatik