Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A Maturity Model for Measuring Organizations Escalation Capability of IT-related Security Incidents in Sweden
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2016 (English)In: Workshop on Information Security and Privacy (WISP) 2016: Proceedings, Association for Information Systems, 2016, Vol. 8Conference paper, Published paper (Refereed)
Abstract [en]

Managing IT-related security incidents are a growing important issue facing the organizations in IT security risk management. We have used design science approach to develop an artifact to measure different organizations capabilities and maturity to handle IT-related security incidents. In this paper, we present how we have tested and will test the artifact on several different Swedish organizations. The participating organizations come from both the private and public sectors and all organizations handle critical infrastructure which can be damaged if an IT-related security incident occurs. Organizations had the opportunity to evaluating the actual model itself but also to test the model by calculating the organization's escalation capability using a query package for self-assessment. In this paper, we present the results of the self-assessment which indicate an overall low level of maturity in Sweden. The most remarkable result was only 20% of the participating organizations in the study had "Knowledge and Education" maturity above the lowest levels.

Place, publisher, year, edition, pages
Association for Information Systems, 2016. Vol. 8
Keyword [en]
Incident escalation, Maturity models, IT security risk management, Incident management.
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-144914OAI: oai:DiVA.org:su-144914DiVA: diva2:1117571
Conference
WISP 2016, Dublin, Ireland, December 10, 2016
Available from: 2017-06-29 Created: 2017-06-29 Last updated: 2017-08-16Bibliographically approved

Open Access in DiVA

No full text

Other links

Free full text

Search in DiVA

By author/editor
Wahlgren, GunnarKowalski, Stewart
By organisation
Department of Computer and Systems Sciences
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 1 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf