Enhancing the conventional information security management maturity model (ISM3) in resolving human factors in organization information sharing

Abstract

Information sharing in organization has been considered as an important approach in increasing organizational efficiency, performance and decision making. With the present and advances in information and communication technology, sharing information and exchanging of data across organizations has become more feasible in organization. However, information sharing has been a complex task over the years and identifying factors that influence information sharing across organization has becomes crucial and critical. Researchers have taken several methods and approaches to resolve problems in information sharing at all levels without a lasting solution, as sharing is best understood as a practice that reflects behavior, social, economic, legal and technological influences. Due to the limitation of the conventional ISM3 standards to address culture, social, legislation and human behavior, the findings in this paper suggest that, a centralized information structure without human practice, distribution of information and coordination is not effective. This paper reviews the previous information sharing research, outlines the factors affecting information sharing and the different practices needed to improve the management of information security by recommending several combinations of information security and coordination mechanism for reducing uncertainty during sharing of information .This thesis proposes information security management protocol (ISMP) as an enhancement towards ISM3 to resolve the above problems. This protocol provides a means for practitioners to identify key factors involved in successful information sharing. The first one is the identification of all stakeholders to be incorporated into information flow. The second is the integration of the existing information sharing legal frameworks, information sharing protocols, information security standards from the ISO/IEC 27001 and management standard ISO9001 with the existing information security management model (ISM3). An experiment was conducted to evaluate the performance of the proposed protocol. The results revealed that interoperability, culture and behavior towards information sharing improved by an average of 10 percent.