A Balanced Information Security Maturity Model Based on ISO/IEC 27001:2013 and O-ISM3


Authors : Dr. Muneer A.S Hazza Almekhlafi; Maged Sultan A.A Almekhlafi

Volume/Issue : Volume 8 - 2023, Issue 6 - June

Google Scholar : https://bit.ly/43uxUln

Scribd : https://tinyurl.com/27846cpd

DOI : https://doi.org/10.5281/zenodo.8171179

Abstract : Today, information technology is widely used in most fields, and most companies depend on information systems to support their daily work. In most cases, business continuity requires companies to be connected to the internet, which exposes information to different risks and increases the probability that information will be exposed to security threats and cyber-attacks. These risks can be mitigated by adopting an information security management system (ISMS). Currently, a wide range of information security maturity models have been developed for use by different types of organizations in order to implement and evaluate the maturity level of information security. This research proposes an information security maturity model named BISM with three progressive maturity levels (Basic, Intermediate, Advanced) which contain 54 security controls obtained by mapping and merging the 114 security controls of ISO/IEC 27001:2013 and the 45 security processes of O-ISM3. The security controls of BISM are chosen carefully to cover most of the needs of organizations implementing an ISMS, with high flexibility. This model could be of great value for all types of organizations, as it helps them to precisely assess the maturity of an information security management system and enables them to establish and implement an ISMS by choosing and applying the most important security controls that best suit their size and business needs.

Keywords : Information Security, Maturity Model, ISMS, ISO/IEC 27001, O-ISM3, Cybersecurity.