LockChain Technology as One Source of Truth for Cyber, Information Security and Privacy

  • Conference paper
  • Published in: Intelligent Computing (SAI 2020)
  • Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1230)

Abstract

Implementing and maintaining Information Security (IS) in a digitized ecosystem is cumbersome. Multiple complex frameworks and models are used to implement IS, but they are perceived as hard to implement and maintain in digitized, dynamic value chains and platforms. Most companies still use spreadsheets to design, direct and monitor their information security function and to demonstrate their compliance; regulators, too, use spreadsheets for supervision. This paper reflects on longitudinal Design Science Research (DSR) on IS and describes the design and engineering of an artefact architecture, coined LockChain, which can emancipate boards from silo-based spreadsheet management and improve their visibility, control and assurance through an integrated dashboarding and reporting tool. LockChain is not a traditional Information Security Management System (ISMS); it is used for the design and specification of information security requirements and measures and of privacy requirements. We elaborate “Why” we used Design Science Research to valorise the concept of LockChain, “What” we have established in terms of the LockChain technology, and “How” it is applied, together with the added value LockChain brings to companies in cost savings, a Security and Privacy by Design engineering culture, and Digital Assurance.



Author information

Corresponding author: Yuri Bobbert


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Bobbert, Y., Ozkanli, N. (2020). LockChain Technology as One Source of Truth for Cyber, Information Security and Privacy. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Intelligent Computing. SAI 2020. Advances in Intelligent Systems and Computing, vol 1230. Springer, Cham. https://doi.org/10.1007/978-3-030-52243-8_24
