Information and cyber security maturity models: a systematic literature review
| Autor: | Anass Rabii, Saliha Assoul, Khadija Ouazzani Touhami, Ounsa Roudies |
|---|---|
| Rok vydání: | 2020 |
| Předmět: |
Information Systems and Management
Computer Networks and Communications Computer science 05 social sciences 02 engineering and technology Information security Computer security computer.software_genre Maturity (finance) Field (computer science) Management Information Systems Task (project management) Capability Maturity Model Systematic review 020204 information systems Management of Technology and Innovation 0502 economics and business 0202 electrical engineering electronic engineering information engineering Bodywork Information system computer 050203 business & management Software Information Systems |
| Zdroj: | Information & Computer Security. 28:627-644 |
| ISSN: | 2056-4961 |
| DOI: | 10.1108/ics-03-2019-0039 |
| Popis: | Purpose This paper aims to clarify the uncertainty reflected in the current state of information security maturity evaluation where it has not enough matured and converged so that a generic approach or many specfics approaches become the go-to choice. In fact, in the past decade, many secruity maturity models are still being produced and remain unproven regardless of the existence of ISO 21827. Design/methodology/approach The authors have used the systematic literature review to summarize existing research, help identify gaps in the existing literature and provide background for positioning new research studies. Findings The authors highlighted the prevalent influence of the ISO/IEC 27001/27002 standard but raised the necessity for an in-depth investigation of ISO 21827. The authors also made the implementation facet a central topic of our review. The authors found out that, compared to the number of proposed models, implementation experiments are lacking. This could be due to the arduous task of validation and it could also be the reason why specific models are dominant. Originality/value While the research literature contains many experience reports and a few case studies on information security maturity evaluation, a systematic review and synthesis of this growing field of research is unavailable as far as the authors know. In fact, the authors only picked-up one bodywork [Maturity models in cyber security A systematic review (2017)] carrying out a literature review on security maturity models between 2012 and 2017, written in Spanish. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|