Authors :
Dr. Muneer A.S Hazza Almekhlafi; Maged Sultan A.A Almekhlafi
Volume/Issue :
Volume 8 - 2023, Issue 6 - June
Google Scholar :
https://bit.ly/43uxUln
Scribd :
https://tinyurl.com/27846cpd
DOI :
https://doi.org/10.5281/zenodo.8171179
Abstract :
Today, information technology is widely used in most fields, and most companies depend on information systems to support their daily work. In most cases, business continuity requires companies to be connected to the internet, and this exposes information to various risks and increases the probability that it will be exposed to security threats and cyber-attacks. These risks can be mitigated by adopting an information security management system (ISMS). Currently, a wide range of information security maturity models has been developed for use by different types of organizations in order to implement and evaluate the maturity level of information security. This research proposes an information security maturity model named BISM, with three progressive maturity levels (Basic, Intermediate, Advanced) containing 54 security controls obtained by mapping and merging the 114 security controls of ISO/IEC 27001:2013 and the 45 security processes of O-ISM3. The security controls of BISM are chosen carefully to cover most of the needs of organizations implementing an ISMS, with high flexibility. This model could be of great value to all types of organizations, as it helps them to precisely assess the maturity of their information security management system and enables them to establish and implement an ISMS by choosing and applying the most important security controls that are best suited to their size and business needs.
Keywords :
Information Security, Maturity Model, ISMS, ISO/IEC 27001, O-ISM3, Cybersecurity