Advanced approach to information security management system utilizing maturity models in critical infrastructure

Youngin You, Junhyoung Oh, Sooheon Kim, Kyung Ho Lee

Research output: Contribution to journal (Article)

Abstract

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing a silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in the critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

Original language: English
Pages (from-to): 4995-5014
Number of pages: 20
Journal: KSII Transactions on Internet and Information Systems
Volume: 12
Issue number: 10
DOI: 10.3837/tiis.2018.10.020
Publication status: Published - 2018 Jan 1

Fingerprint

Critical infrastructures
Security of data

Keywords

  • Critical infrastructure
  • Information Security Management System
  • Maturity model
  • Security evaluation

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications

Cite this

Advanced approach to information security management system utilizing maturity models in critical infrastructure. / You, Youngin; Oh, Junhyoung; Kim, Sooheon; Lee, Kyung Ho.

In: KSII Transactions on Internet and Information Systems, Vol. 12, No. 10, 01.01.2018, p. 4995-5014.

@article{e5a7c887f6ff42f6aafb090c6a11f70d,
title = "Advanced approach to information security management system utilizing maturity models in critical infrastructure",
keywords = "Critical infrastructure, Information Security Management System, Maturity model, Security evaluation",
author = "Youngin You and Junhyoung Oh and Sooheon Kim and Lee, {Kyung Ho}",
year = "2018",
month = "1",
day = "1",
doi = "10.3837/tiis.2018.10.020",
language = "English",
volume = "12",
pages = "4995--5014",
journal = "KSII Transactions on Internet and Information Systems",
issn = "1976-7277",
publisher = "Korea Society of Internet Information",
number = "10",

}

TY - JOUR

T1 - Advanced approach to information security management system utilizing maturity models in critical infrastructure

AU - You, Youngin

AU - Oh, Junhyoung

AU - Kim, Sooheon

AU - Lee, Kyung Ho

PY - 2018/1/1

Y1 - 2018/1/1

KW - Critical infrastructure

KW - Information Security Management System

KW - Maturity model

KW - Security evaluation

UR - http://www.scopus.com/inward/record.url?scp=85057217012&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85057217012&partnerID=8YFLogxK

U2 - 10.3837/tiis.2018.10.020

DO - 10.3837/tiis.2018.10.020

M3 - Article

AN - SCOPUS:85057217012

VL - 12

SP - 4995

EP - 5014

JO - KSII Transactions on Internet and Information Systems

JF - KSII Transactions on Internet and Information Systems

SN - 1976-7277

IS - 10

ER -