Evaluation of Escalation Maturity Model for IT Security Risk Management [Elektronisk resurs] A Design Science Work in Progress

• In this early stage paper we present a draft of an IT Security Risk Escalation Capability Maturity Model. This model is used to develop a new approach to IT Security Risk Management where IT Security Risk Management is placed as a recurring activity at all levels of the organization including the strategic, tactical and operational levels. To construct this model we combined ISO 27005 framework for IT Security Risk Management with NIST Multitier framework and take elements from the ISAC IT Risk framework. We end our paper with an outline of our current plans to evaluate this escalation maturity model by using expert groups to rank outcomes of response to similar IT incidents by different organization that have been ranked according to this maturity model. In this way we hope to establish if there are correlations as to the maturity level of an organization and how well it responds to an IT incident. 

Ämnesord

Natural Sciences  (hsv)

Computer and Information Sciences  (hsv)

Information Systems  (hsv)

Naturvetenskap  (hsv)

Data- och informationsvetenskap  (hsv)

Systemvetenskap, informationssystem och informatik  (hsv)

data- och systemvetenskap  (su)

Computer and Systems Sciences  (su)

Genre

government publication  (marcgt)

Indexterm och SAB-rubrik

Incident escalation

Maturity models

IT security risk management

IT security risk monitoring

IT security risk communication