Security metrics maturity model for operational security

Muthukrishnan, Sri Murugarasan; Palaniappan, Sellappan

doi:10.1109/iscaie.2016.7575045

Cited by 9 publications

(6 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[4] performed risk analysis on an e-health self-care system and quantified the metrics using risk assessments technique based on severity and impact. Muthukrishnan et al [56] proposed a quantitative and qualitative metrics maturity method based on a scorecard.…”

Section: Security Metricsmentioning

confidence: 99%

Cybersecurity Metrics for Enhanced Protection of Healthcare IT Systems

Ahmed

Naqvi

Josephs

2019

2019 13th International Symposium on Medical Information and Communication Technology (ISMICT)

View full text Add to dashboard Cite

Cybersecurity incidents are on the rise in the healthcare sector and it is becoming a growing concern for the senior executives. The attack surface is expanding due to the large number of connected medical devices and the proliferation of portable devices such as smart phones, tablets and USB devices. In this paper, we will discuss some of the security challenges facing this sector and propose a set of cybersecurity metrics that could be used to enhance the protection of the IT systems.

show abstract

Section: Security Metricsmentioning

confidence: 99%

Cybersecurity Metrics for Enhanced Protection of Healthcare IT Systems

Ahmed

Naqvi

Josephs

2019

2019 13th International Symposium on Medical Information and Communication Technology (ISMICT)

View full text Add to dashboard Cite

show abstract

“…The definition of the system in terms of its components, the system is a collection of elements that interact to achieve certain goals. These components / subsystems cannot stand alone, but are interrelated with one another to form a single unit so that the goals and objectives of the system can be achieved (Muthukrishnan and Palaniappan 2016).…”

Section: Literature Review System Basis Conceptmentioning

confidence: 99%

“…Science is getting wider, the competition is getting higher. Integration between lecturers and students can be achieved well through a good information system (Muthukrishnan and Palaniappan 2016). The purpose of building an academic information system is to facilitate service and provide the best service to the entire academic community, so that the academic community can obtain information that is fast, accurate, relevant and guaranteed its security (Muthukrishnan and Palaniappan 2016).…”

Section: Introduction Backgroundmentioning

confidence: 99%

“…survive and compete in the midst of a fairly tight competition today due to the impact of the development of information technology, because information systems have a very important role in improving the quality and services in an organization (Muthukrishnan and Palaniappan 2016). NIST is a framework published by the National Institute of Standard Technology (NIST).…”

mentioning

confidence: 99%

See 1 more Smart Citation

Analysis and Evaluation of Academic Information System Security Using Nist Sp 800-26 Framework

Poningsih

Lubis

2022

SinkrOn

View full text Add to dashboard Cite

Along with the development of technology and information that is growing rapidly, currently the competition between educational institutions is getting stronger. If an institution is not able to keep up with the progress of information technology which is developing very quickly, it is certain that the institution will be left very far behind from all sides. However, there are things that really need to be considered due to the development of information technology, namely the consideration of the security of information systems owned by the Institution. For that we need an analysis and evaluation of the information system used to identify security in the information system. If the analysis and evaluation is not carried out, problems will arise related to the security of an information system such as data that is vulnerable to threats such as damaged and lost data so that the data becomes invalid. If the data is not valid, it is certain that the information generated will also not be reliable. Evaluation of information system security can be done with the framework. NIST is a framework that can be used to evaluate and identify security and risks in information systems. The information system security evaluation process is carried out by distributing questionnaires to the academic community in accordance with the NIST SP 800-26 framework and the data is managed to obtain the final result. The results of the academic information system security evaluation have an overall final score of 91.6%. The total value is obtained from the results of the number of calculations based on 3 components of the criteria tested, namely management control, operational control, and technical control. And from the 3 assessment criteria there are 17 sub-criteria that exist in each criterion. Based on this data, the security of the academic information system at AMIK Tunas Bangsa is included in the level 2 category, namely Documented Procedures.

show abstract

“…They proposed an approach based on ISO/IEC 27001:2013 to evaluate the capability maturity level of information security management. Muthukrisnan and Palaniappan [11] had disscussed their concern with regard to metrics in the information security maturity model. Recognize that the decision to invest in information security must be supported by some indicators or metrics that could be comprehended by the stakeholders and in-the-process, convince them that the investment will reduce the risk from information security issues.…”

Section: B Previous Workmentioning

confidence: 99%

Information Security Governance and Management Capability Assessment: A Lesson Learned from Directorate General of Taxes

Ashari

2020

j. penelit. pos inform.

View full text Add to dashboard Cite

The information has an important role in improving the business operation and serving the decision-making process. The emerging of e-commerce and e-government require more frequent data exchanges included sensitive data. This study will focus on looking at the portrait of the Directorate General of Tax (DGT) in planning and building the ability to enforce IT governance, especially those related to information security. In addition, this research can also be used as a DGT basis for continuous improvement. We use the ISGM capability model to combine COBIT 5 and ISO 27001 as an approach to measure the capability of organizations in governing and manage their information security. We found that DGT’s information security governance and management capability at overall is at level well defined. Almost of ISGM building blocks has been established according to tailor-made policy and standard. With this capability level, DGT’s ISGM could contribute to the business as shown in several DGT’s program. But, to get optimal value from ISGM DGT need to improve the capability level, especially related to organizational aspects like alignment with business strategies and resource management.

show abstract

Security metrics maturity model for operational security

Cited by 9 publications

References 2 publications

Cybersecurity Metrics for Enhanced Protection of Healthcare IT Systems

Cybersecurity Metrics for Enhanced Protection of Healthcare IT Systems

Analysis and Evaluation of Academic Information System Security Using Nist Sp 800-26 Framework

Information Security Governance and Management Capability Assessment: A Lesson Learned from Directorate General of Taxes

Contact Info

Product

Resources

About