 Investigation into the State-of-Practice of Operations Security Management Based on ISO/IEC 27002Winfred Yaokumah
International Journal of Technology Diffusion (IJTD), 2016, vol. 7, issue 1, 53-72 Abstract: This study assessed information security management in organizations through a questionnaire based on the ISO/IEC 27002, with special focus on operations security. A survey with cross-sectional research design was conducted and data collected from 223 participants from 56 organizations. Overall, the level of operations security maturity was 61.2%, which is the maturity Level 3 (well-defined). This level suggested that operations security controls and processes were documented, approved, and implemented organization-wide. Backups and malware protection were the most implemented security controls, while logging, auditing and monitoring were the least implemented controls. Assessment of inter-organizational operations security found significant differences among the organizations. Financial and Health Care Institutions outperform Educational Institutions and Government Public Service. The study provided insight into maturity levels of operations security controls and the results useful for benchmarking inter-organizational performance, competitiveness and improvement in information security. Date: 2016 Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:igg:jtd000:v:7:y:2016:i:1:p:53-72 Access Statistics for this article International Journal of Technology Diffusion (IJTD) is currently edited by Ali Hussein Saleh Zolait More articles in International Journal of Technology Diffusion (IJTD) from IGI Global |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.