
A Capability Maturity Framework for IT Security Governance in Organizations

  • Conference paper
  • First Online:
Innovations in Bio-Inspired Computing and Applications (IBICA 2017)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 735))

Abstract

There is a dearth of academic research literature on the practices and commitments of information security governance in organizations. Despite the existence of reference frameworks and standards for security governance, the research literature remains limited regarding the actual practices of organizations, and there is a corresponding lack of a strategy and practical model to follow when adopting effective information security governance. This study aims to propose ISMGO, a practical maturity framework for information security governance and management in organizations. The findings will help organizations assess their capability maturity state and address the procedural, technical and human aspects of the information security governance and management process.



Author information

Corresponding author

Correspondence to Yassine Maleh.

Appendix A

See Table A1.

Table A1. Maturity assessment interview (sample)


Copyright information

© 2018 Springer International Publishing AG


Cite this paper

Maleh, Y., Sahid, A., Ezzati, A., Belaissaoui, M. (2018). A Capability Maturity Framework for IT Security Governance in Organizations. In: Abraham, A., Haqiq, A., Muda, A., Gandhi, N. (eds) Innovations in Bio-Inspired Computing and Applications. IBICA 2017. Advances in Intelligent Systems and Computing, vol 735. Springer, Cham. https://doi.org/10.1007/978-3-319-76354-5_20


  • DOI: https://doi.org/10.1007/978-3-319-76354-5_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-76353-8

  • Online ISBN: 978-3-319-76354-5

  • eBook Packages: Engineering (R0)
