Evaluation of Escalation Maturity Model for IT Security Risk Management: a design Science Work in Progress
2014 (English) In: 2014 Dewald Roode Workshop on Information System Security Research: conference proceedings / [ed] Anthony Vance, Laxenburg: IFIP, 2014, -22 p. Conference paper (Refereed)
In this early-stage paper we present a draft of an IT Security Risk Escalation Capability Maturity Model. This model is used to develop a new approach to IT Security Risk Management, in which IT Security Risk Management is a recurring activity at all levels of the organization, including the strategic, tactical and operational levels. To construct this model we combined the ISO 27005 framework for IT Security Risk Management with the NIST Multitier framework and took elements from the ISAC IT Risk framework. We end our paper with an outline of our current plans to evaluate this escalation maturity model by using expert groups to rank the outcomes of responses to similar IT incidents by different organizations that have been ranked according to this maturity model. In this way we hope to establish whether there are correlations between the maturity level of an organization and how well it responds to an IT incident.
Place, publisher, year, edition, pages
Laxenburg: IFIP, 2014. -22 p.
Incident escalation, Maturity models, IT security risk management, IT security risk monitoring, IT security risk communication
Research subject Computer and Systems Sciences
Identifiers: URN: urn:nbn:se:su:diva-114727; OAI: oai:DiVA.org:su-114727; DiVA: diva2:793837
The 2014 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.13