國立虎尾科技大學 |

Identifying Factors Contributing towards Information Security Maturity in an Organization.

紀錄類型:	書目-語言資料,印刷品 : Monograph/item
正題名/作者:	Identifying Factors Contributing towards Information Security Maturity in an Organization./
作者:	Edwards, Madhuri M.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2018,
面頁冊數:	245 p.
附註:	Source: Dissertation Abstracts International, Volume: 79-07(E), Section: B.
Contained By:	Dissertation Abstracts International79-07B(E).
標題:	Information technology. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10746212
ISBN:	9780355665338

Identifying Factors Contributing towards Information Security Maturity in an Organization.
Edwards, Madhuri M.

Identifying Factors Contributing towards Information Security Maturity in an Organization. - Ann Arbor : ProQuest Dissertations & Theses, 2018 - 245 p.

Source: Dissertation Abstracts International, Volume: 79-07(E), Section: B.

Thesis (Ph.D.)--Nova Southeastern University, 2018.

Information security capability maturity (ISCM) is a journey towards accurate alignment of business and security objectives, security systems, processes, and tasks integrated with business-enabled IT systems, security enabled organizational culture and decision making, and measurements and continuous improvements of controls and governance comprising security policies, processes, operating procedures, tasks, monitoring, and reporting. Information security capability maturity may be achieved in five levels: performing but ad-hoc, managed, defined, quantitatively governed, and optimized. These five levels need to be achieved in the capability areas of information integrity, information systems assurance, business enablement, security processes, security program management, competency of security team, security consciousness in employees, and security leadership. These areas of capabilities lead to achievement of technology trustworthiness of security controls, integrated security, and security guardianship throughout the enterprise, which are primary capability domains for achieving maturity of information security capability in an organization. There are many factors influencing the areas of capabilities and the capability domains for achieving information security capability maturity. However, there is little existing study done on identifying the factors that contribute to achievement of the highest level of information security capability maturity (optimized) in an organization.

ISBN: 9780355665338Subjects--Topical Terms:

559429
Information technology.

Identifying Factors Contributing towards Information Security Maturity in an Organization.
LDR:05096nam a2200349 4500 001 890785
005 20180727091503.5
008 180907s2018 ||||||||||||||||| ||eng d
020 $a 9780355665338
035 $a (MiAaPQ)AAI10746212
035 $a (MiAaPQ)scisnova:10496
035 $a AAI10746212
040 $a MiAaPQ $c MiAaPQ
100 1 $a Edwards, Madhuri M. $3 1148697
245 1 0 $a Identifying Factors Contributing towards Information Security Maturity in an Organization.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2018
300 $a 245 p.
500 $a Source: Dissertation Abstracts International, Volume: 79-07(E), Section: B.
500 $a Adviser: Gurvirender Tejay.
502 $a Thesis (Ph.D.)--Nova Southeastern University, 2018.
520 $a Information security capability maturity (ISCM) is a journey towards accurate alignment of business and security objectives, security systems, processes, and tasks integrated with business-enabled IT systems, security enabled organizational culture and decision making, and measurements and continuous improvements of controls and governance comprising security policies, processes, operating procedures, tasks, monitoring, and reporting. Information security capability maturity may be achieved in five levels: performing but ad-hoc, managed, defined, quantitatively governed, and optimized. These five levels need to be achieved in the capability areas of information integrity, information systems assurance, business enablement, security processes, security program management, competency of security team, security consciousness in employees, and security leadership. These areas of capabilities lead to achievement of technology trustworthiness of security controls, integrated security, and security guardianship throughout the enterprise, which are primary capability domains for achieving maturity of information security capability in an organization. There are many factors influencing the areas of capabilities and the capability domains for achieving information security capability maturity. However, there is little existing study done on identifying the factors that contribute to achievement of the highest level of information security capability maturity (optimized) in an organization.
520 $a This research was designed to contribute to this area of research gap by identifying the factors contributing to the areas of capabilities for achieving the highest level of information security capability maturity. The factors were grouped under the eight capability areas and the three capability domains in the form of an initial structural construct. This research was designed to collect data on all the factors using an online structured questionnaire and analyzing the reliability and validity of the initial structural construct following the methods of principal components analysis (PCA), Cronbach Alpha reliability analysis, confirmatory factor analysis (CFA), and structural equation modeling. A number of multivariate statistical tests were conducted on the data collected regarding the factors to achieve an optimal model reflecting statistical significance, reliability, and validity. The research was conducted in four phases: expert panel and pilot study (first phase), principal component analysis (PCA) and reliability analysis (RA) of the factor scales (second phase), confirmatory factor analysis (CFA) using LISREL (third phase), and structural equation modeling (SEM) using LISREL (fourth phase). The final model subsequent to completing the four phases reflected acceptance or rejection of the eleven hypotheses defined in the initial structural construct of this study.
520 $a The final optimized model was obtained with the most significant factors loading on the capability areas of information integrity, information security assurance, business enablement, security process maturity, security program management, competency of security team, security conscious employees, and security leadership, including the most significant factors loading the three capability domains of security technology trustworthiness, security integration, and security guardianship. All the eleven hypotheses were accepted as part of the optimal structural construct of the final model. The model provides a complex integrated framework of information security maturity requiring multi-functional advancements and maturity in processes, people, and technology, and organized security program management and communications fully integrated with the business programs and communications. Information security maturity is concluded as a complex function of multiple maturity programs in an organization leading to organized governance structures, multiple maturity programs, leadership, security consciousness, and risk-aware culture of employees.
590 $a School code: 1191.
650 4 $a Information technology. $3 559429
650 4 $a Information science. $3 561178
650 4 $a Computer science. $3 573171
650 4 $a Organizational behavior. $3 557544
690 $a 0489
690 $a 0723
690 $a 0984
690 $a 0703
710 2 $a Nova Southeastern University. $b Information Systems. $3 1148698
773 0 $t Dissertation Abstracts International $g 79-07B(E).
790 $a 1191
791 $a Ph.D.
792 $a 2018
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10746212