Authors : Dr. Muneer A.S Hazza Almekhlafi; Maged Sultan A.A Almekhlafi

Volume/Issue : Volume 8 - 2023, Issue 6 - June

Google Scholar : https://bit.ly/43uxUln

Scribd : https://tinyurl.com/27846cpd

DOI : https://doi.org/10.5281/zenodo.8171179

Abstract : Today, Information technology is widely used in most fields, and most companies depend on information systems to assist in doing their daily work. In most cases, business continuity requires companies to be connected to the internet, and this exposes information to different risks and increases the probability of exposure of information to security threats and cyber-attacks. These risks can be mitigated by adopting an information security management system (ISMS). Currently, a wide range of information security maturity models have been developed to be used by different types of organizations in order to implement and evaluate the maturity level of information security. This research proposes an information security maturity model named (BISM) with three progressive maturity levels (Basic, Intermediate, Advanced) which contain 54 security controls obtained by mapping and merging the 114 security controls of ISO/IEC 27001:2013 and the 45 security processes of O-ISM3. The security controls of BISM are chosen carefully to cover the most needs of organizations to implement ISMS with high flexibility. This model could be of great value for all types of organizations as it helps them to precisely assess the maturity of information security management system and enables them to establish and implement an ISMS by choosing and applying the most important security controls that are more suitable to their sizes and business needs.

Keywords : Information Security, Maturity Model, ISMS, ISO/IEC 27001, O-ISM3, Cybersecurity Introduction.