Affiliation:
1. University of Antwerp Management School, Belgium
Abstract
Most information security methodologies are aimed at large enterprise organizations with a top-down structure, while relatively smaller organizations have insufficient knowledge to adopt these methodologies. Most of the frameworks used by enterprises focus on high-level policy-making, and the overwhelming number of controls might suffocate practitioners in smaller organizations. This article examines the results of an exploratory study performed in the Netherlands in Q1 and Q2 of 2010. The study used expert panel research followed by a survey. The research identified essential interventions that easily and effectively increase security maturity for mid-market organizations. It also identified the barriers that keep mid-market organizations from implementing these interventions. This paper provides a minimum core set of practices for organizations. It shows that mid-market organizations struggle with implementing relevant interventions. This research contributes a new pragmatic approach that gives practitioners in mid-market organizations more guidance on how to effectively establish the desired state of security maturity.
Cited by
5 articles.