Towards An Information Security Maturity Model for Secure e-Government Services: A Stakeholders View
2011 (English). In: Proceedings of the 5th International Symposium on Human Aspects of Information Security & Assurance, HAISA, 2011, pp. 58-73. Conference paper (Refereed)
The paper proposes a comprehensive information security maturity model (ISMM) that addresses both technical and socio/non-technical security aspects. The model is intended for securing e-government services (implementation and service delivery) in an emerging and increasing security risk environment. The paper applied an inductive approach that utilizes an extensive literature review and a survey study. A total of eight existing ISMMs were selected and critically analyzed. The models were then categorized into security awareness, evaluation and management orientations. Based on the models' strengths, three models were selected for further analysis and then synthesized. Each of the three selected models came from a different one of the security awareness, evaluation and management orientation categories. To affirm the findings, a survey study was conducted in six government organizations located in Tanzania. The study was structured to a large extent by the security controls adopted from the Security By Consensus (SBC) model. Finally, an ISMM with five critical maturity levels was proposed. The maturity levels were: undefined, defined, managed, controlled and optimized. The paper's main contribution is the proposed model, which addresses both technical and non-technical security services within the critical maturity levels. Additionally, the paper enhances stakeholders' awareness and understanding of the need for security services to be an integral part of e-government services.
Place, publisher, year, edition, pages
HAISA, 2011. pp. 58-73.
e-Government, Information security, Maturity model, Security services, Technical and Non-technical security
Research subject Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-67206
ISBN: 978-1-84102-284-0
OAI: oai:DiVA.org:su-67206
DiVA: diva2:469623
International Symposium on Human Aspects of Information Security & Assurance (HAISA 2011), London, July 2011