Information security compliance assessment using information security maturity model

Abstract

Information security is an essential factor for business today and is achieved by adopting the suitable set of practices, standards, process, policies and organizational structures. In order to recognize the strength and weaknesses of information security, organizations can implement information security model. Information Security Maturity Model (ISMM) as a security oriented model has been developed in order to determine the level of information security in organization. It has provided five (5) compliance levels of security which contain: none compliance, initial compliance, basic compliance, acceptable compliance and full compliance. The goal of this research is to assessing of the information security compliance in departments of UTM based on this model. So five (5) departments consist of three (3) offices (RMC, SPS, and CTL) and two (2) faculties (FKE, FKM) were chosen. Fully in-structured interview were performed with five (5) IT experts in case study. Analyzing data were done and information security compliance levels for these departments were determined. Based on results, basic compliance level was belonged to RMC and CTL, Wile acceptable compliance level to SPS, FKE and FKM. Besides, none of them were in Full compliance level. According to the results, suggestions in order to enhance compliance level of security were provided. Finally, for the improvement of ISMM model, some other future works were offered by this research.