COMPARISON OF MATURITY MODELS OF INFORMATION SECURITY PROCESSES OF AN ORGANISATION (COMPANY)

DOI:

https://doi.org/10.17721/ISTS.2024.7.24-30

Keywords:

model, maturity assessment, threat, information security

Abstract

Background. The increase in malicious activity in the information space and cyberspace confronts the leaders of enterprises (organizations) and companies with additional tasks in protecting their assets. The loss of assets, for example financial or technological ones, can make it impossible for the company to perform its basic function: generating profit.

Methods. The work uses the information security risk analysis method.

Results. Creation and promotion of current information security systems. Organizations spend significant financial resources on the development and operation of protection technologies and create various structural subdivisions whose tasks include assessing and ensuring the appropriate level of information security of the enterprise (company). At the same time, there is a real risk that attackers using more current technologies will be able to break the company's protection system and cause irrecoverable losses, both financial and reputational.

Conclusions. One of the main directions for solving this problem is the creation of an information security management system (ISMS), which is a component of the management system of an organization (company) and is based on risk assessment for creating, implementing, operating, monitoring, reviewing, maintaining and improving the information security of the organization (enterprise). The ISMS includes the organizational structure of the organization (company), its policies, planning issues, monitoring of labor costs, promotion of daily practices, control and support of resource processes. As a best practice, to assess the level of information security of an organization, it is recommended to use a different approach that is based on the capabilities of process maturity models. The results obtained can be used to improve and optimize the information security system created by the organization (company).

A wide range of information security maturity assessment models, based on similar principles, is currently available to organizations. However, the practical choice of such models is limited, first and foremost because of their weak connection to the characteristics of specific organizations. The work examines process maturity models, their structure and the ability to evolve in the course of assessing the level of information security.

Published

2024-07-01

Section

Cybersecurity and information protection

How to Cite

COMPARISON OF MATURITY MODELS OF INFORMATION SECURITY PROCESSES OF AN ORGANISATION (COMPANY). (2024). Information Systems and Technologies Security, 1(7), 24-30. https://doi.org/10.17721/ISTS.2024.7.24-30