Advanced approach to information security management system utilizing maturity models in critical infrastructure

Youngin You, Junhyoung Oh, Sooheon Kim, Kyung Ho Lee

Research output: Contribution to journalArticle

Abstract

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

Original languageEnglish
Pages (from-to)4995-5014
Number of pages20
JournalKSII Transactions on Internet and Information Systems
Volume12
Issue number10
DOIs
Publication statusPublished - 2018 Jan 1

Keywords

  • Critical infrastructure
  • Information Security Management System
  • Maturity model
  • Security evaluation

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Advanced approach to information security management system utilizing maturity models in critical infrastructure'. Together they form a unique fingerprint.

  • Cite this