Analysis of Relationships between Non-conformities, Process Maturity and Continual Improvement in Information Security Management Systems-Reference-Cited by-同舟云学术

Analysis of Relationships between Non-conformities, Process Maturity and Continual Improvement in Information Security Management Systems

Published:2024-06-01 Issue:1 Volume:18 Page:494-506
ISSN:2558-9652
Container-title:Proceedings of the International Conference on Business Excellence
language:en
Short-container-title:

Author:

Naumann Michael Matthias¹,Olaru Stelian Mircea¹,Lampe Georg Sven¹,Pitz Fabian¹

Affiliation:

1. Bucharest University of Economic Studies , , Romania

Abstract

Abstract In the current global context, companies need a defined minimum level of information security to recognize and deal with related threats and risks. Due to market, customer or legal requirements, specifications and requirements for information security are implemented uniformly according to standards such as the information security management standard ISO/IEC 27001 or industry-specific standards such as Trusted Information Security Assessment Exchange - TISAX, ISO IEC 27019 Energy Utility Information Security Standard. The conformity to these standard requirements within the established management system is checked during periodically required audits. However, there are various reasons for which, even after many years of audits in companies, there are still insufficient process implementations for information security requirements. The aim of the paper is to analyze the status of conformity and thus also the process maturity in selected samples of companies that have already had information security management systems (ISMS) implemented for several years. In detail, the reasons for deviations from the minimum requirements with associated risks for the security of information in companies were analyzed, which allow conclusions to be drawn about possible process improvements. The paper also analyzes why, despite established measures and existing expertise, only a limited level of process maturity is achieved on average. Other possible approaches to the implementation procedure for dealing with non-conformities in information security are also considered. The results of this research show that there is a need for an adjusted continuous improvement process, which makes risks resulting from insufficient process maturity more visible. Proposals for such improvements are listed.

Publisher

Walter de Gruyter GmbH

Link

https://www.sciendo.com/pdf/10.2478/picbe-2024-0043

Reference16 articles.

1. BSI. (2020). Orientation guide to documentation of compliance according to Section 8a (3) BSIG.

2. European Commission (2003). SME definition. https://single-market-economy.ec.europa.eu/smes/sme-definition_en

3. European Commission (2021). Commission staff working document evaluation of Recommendation of 6 May 2003 concerning the definition of micro, small and mediumsized enterprises (2003/361/EC), https://ec.europa.eu/transparency/documents-register/detail?ref=SWD(2021)279&lang=en.

4. Ionescu, R. C., Olaru M., Sargut K. (2019). Study of the Information Security Impact on the Business Continuity, in Proceedings of the 34th International Business Information Management Association Conference (IBIMA), Madrid, Spain, 11/13-14/2019, Pag.: 4279-4287, ISBN: 978-0-9998551-3-3, https://apps-webofknowledge-com.am.enformation.ro/full_record.do?product=WOS&search_mode=GeneralSearch&qid=1&SID=F1Popqoibfu8upwkh1Q&page=1&doc=2

5. Ismail, U. M., Islam, S. (2020). A unified framework for cloud security transparency and audit. Journal of Information Security and Applications, 54, 102594. https://doi.org/10.1016/j.jisa.2020.102594