Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A Maturity Model for IT-related Security Incident Management
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
Norwegian University of Science and Technology, Norway.
2019 (English)In: Business Information Systems: Proceedings, Part I / [ed] Witold Abramowicz, Rafael Corchuelo, Springer, 2019, p. 203-217Conference paper, Published paper (Refereed)
Abstract [en]

The purpose of the study is to validate the ability of a maturity model for measuring escalation capability of IT-related security incident. First, an Escalation Maturity Model (EMM) and a tool were developed to measure the maturity of an organization to escalate IT-related security incidents. An IT tool for self-assessment was used by a representative from three organizations in the Swedish health sector to measure the organization’s ability to escalate IT-related security incident. Second, typical security incident scenarios were created. The incident managers from the different organizations were interviewed about their organization’s capabilities to deal with these scenarios. Third, a number of independent information security experts, none of whom had seen the results of EMM, ranked how the three different organizations have handled the different scenarios using a measurable scale. Finally, the results of EMM are compared against the measurable result of the interviews to establish the predictive ability of EMM. The findings of the proof of concept study shows that the outcome of EMM and the way in which an organization would handle different incidents correspond well, at least for organizations with low and medium maturity levels.

Place, publisher, year, edition, pages
Springer, 2019. p. 203-217
Series
Lecture Notes in Business Information Processing, ISSN 1865-1348, E-ISSN 1865-1356 ; 353
Keywords [en]
Incident escalation, Incident management, Maturity models, Self-assessment.
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-177127DOI: 10.1007/978-3-030-20485-3_16ISBN: 978-3-030-20484-6 (print)ISBN: 978-3-030-20485-3 (electronic)OAI: oai:DiVA.org:su-177127DiVA, id: diva2:1379846
Conference
22nd International Conference, BIS 2019 Seville, Spain, June 26-28, 2019
Available from: 2019-12-17 Created: 2019-12-17 Last updated: 2020-01-07Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Search in DiVA

By author/editor
Wahlgren, GunnarKowalski, Stewart
By organisation
Department of Computer and Systems Sciences
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 2 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf