Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation

Author

Listed:
  • Igor Bernik
  • Kaja Prislan

Abstract

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model, ISP 10×10M, is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly to strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

Suggested Citation

  • Igor Bernik & Kaja Prislan, 2016. "Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation," PLOS ONE, Public Library of Science, vol. 11(9), pages 1-33, September.
  • Handle: RePEc:plo:pone00:0163050
    DOI: 10.1371/journal.pone.0163050

    Download full text from publisher

    File URL: https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0163050
    Download Restriction: no

    File URL: https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0163050&type=printable
    Download Restriction: no


    References listed on IDEAS

    1. Willison , Robert, 2006. "Understanding the Perpetration of Employee Computer Crime in the Organisational Context," Working Papers 2006-4, Copenhagen Business School, Department of Informatics.
    2. Hee-Kyung Kong & Tae-Sung Kim & Jungduk Kim, 2012. "An analysis on effects of information security investments: a BSC perspective," Journal of Intelligent Manufacturing, Springer, vol. 23(4), pages 941-953, August.
    3. Jian Hua & Sanjay Bapna, 2013. "Who Can We Trust?: The Economic Impact of Insider Threats," Journal of Global Information Technology Management, Taylor & Francis Journals, vol. 16(4), pages 47-67, October.
    4. Hoque, Zahirul, 2004. "A contingency model of the association between strategy, environmental uncertainty and performance measurement: impact on organizational performance," International Business Review, Elsevier, vol. 13(4), pages 485-502, August.

    Citations

    Cited by:

    1. Lis Piotr & Mendel Jacob, 2019. "Cyberattacks on critical infrastructure: An economic perspective," Economics and Business Review, Sciendo, vol. 5(2), pages 24-47, June.
    2. Niloofar Etemadi & Pieter Van Gelder & Fernanda Strozzi, 2021. "An ISM Modeling of Barriers for Blockchain/Distributed Ledger Technology Adoption in Supply Chains towards Cybersecurity," Sustainability, MDPI, vol. 13(9), pages 1-28, April.
    3. Tejaswini C. Herath & Hemantha S. B. Herath & David Cullum, 2023. "An Information Security Performance Measurement Tool for Senior Managers: Balanced Scorecard Integration for Security Governance and Control Frameworks," Information Systems Frontiers, Springer, vol. 25(2), pages 681-721, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Brache, Jose & Felzensztein, Christian, 2019. "Exporting firm’s engagement with trade associations: Insights from Chile," International Business Review, Elsevier, vol. 28(1), pages 25-35.
    2. Trkman, Peter, 2010. "The critical success factors of business process management," International Journal of Information Management, Elsevier, vol. 30(2), pages 125-134.
    3. Jafar Ojra & Abdullah Promise Opute & Mohammad Mobarak Alsolmi, 2021. "Strategic management accounting and performance implications: a literature review and research agenda," Future Business Journal, Springer, vol. 7(1), pages 1-17, December.
    4. Amitava Dutta & Rahul Roy, 2008. "Dynamics of organizational information security," System Dynamics Review, System Dynamics Society, vol. 24(3), pages 349-375, September.
    5. Noor Ahmad & T. Ramayah, 2012. "Does the Notion of ‘Doing Well by Doing Good’ Prevail Among Entrepreneurial Ventures in a Developing Nation?," Journal of Business Ethics, Springer, vol. 106(4), pages 479-490, April.
    6. Kanittha Pattanasing & Somnuk Aujirapongpan & Supit Ritkaew & Anuman Chanthawong & Sirichai Deelers, 2021. "The impact of dynamic capabilities and dynamic performance measurement on competitive performance: evidence from Thai hotel entrepreneurs," Entrepreneurship and Sustainability Issues, VsI Entrepreneurship and Sustainability Center, vol. 8(3), pages 10-28, March.
    7. Tuan Zainun Tuanmat & Malcolm Smith, 2011. "The effects of changes in competition, technology and strategy on organizational performance in small and medium manufacturing companies," Asian Review of Accounting, Emerald Group Publishing Limited, vol. 19(3), pages 208-220, September.
    8. Mengmeng Song & Joseph Ugrin & Man Li & Jinnan Wu & Shanshan Guo & Wenpei Zhang, 2021. "Do Deterrence Mechanisms Reduce Cyberloafing When It Is an Observed Workplace Norm? A Moderated Mediation Model," IJERPH, MDPI, vol. 18(13), pages 1-16, June.
    9. Velez, Maria L. & Sanchez, Jose M. & Florez, Raquel & Alvarez-Dardet, Concha, 2015. "How control system information characteristics affect exporter–intermediary relationship quality," International Business Review, Elsevier, vol. 24(5), pages 812-824.
    10. Kathryn Merrick & Medria Hardhienata & Kamran Shafi & Jiankun Hu, 2016. "A Survey of Game Theoretic Approaches to Modelling Decision-Making in Information Warfare Scenarios," Future Internet, MDPI, vol. 8(3), pages 1-29, July.
    11. Tugba GURCAYLILAR YENIDOGAN & Alp YENIDOGAN, 2013. "Sozlesme Tasarimi: Tur Operatoru-Otel Kontenjan Sozlesmeleri," Ege Academic Review, Ege University Faculty of Economics and Administrative Sciences, vol. 13(3), pages 393-403.
    12. Henny N. Tambingon & Winwin Yadiati & Ccecilia Lelly Kewo, 2018. "Determinant Factors Influencing the Quality of Financial Reporting Local Government in Indonesia," International Journal of Economics and Financial Issues, Econjournals, vol. 8(2), pages 262-268.
    13. Ismail Elnihewi & Rapiah Mohamed, 2015. "Effect of Organisational Structure and Competition on Organisational Performance in Libyan Commercial Banks," Information Management and Business Review, AMH International, vol. 7(6), pages 50-55.
    14. Santosh B. Rane & Yahya A. M. Narvel, 2021. "Leveraging the industry 4.0 technologies for improving agility of project procurement management processes," International Journal of System Assurance Engineering and Management, Springer;The Society for Reliability, Engineering Quality and Operations Management (SREQOM),India, and Division of Operation and Maintenance, Lulea University of Technology, Sweden, vol. 12(6), pages 1146-1172, December.
    15. Shadi Alkhasawneh & Wan Anisah Binti Endut & Nik Mohd Norfadzilah Bin Nik Mohd Rashid, 2023. "The Influence of External Factors and Modern Management Accounting Techniques Adoption on Organizational Performance," Economic Studies journal, Bulgarian Academy of Sciences - Economic Research Institute, issue 6, pages 145-168.
    16. Henri, Jean-Francois, 2006. "Organizational culture and performance measurement systems," Accounting, Organizations and Society, Elsevier, vol. 31(1), pages 77-103, January.
    17. González-Torre, Pilar L. & Adenso-Díaz, Belarmino, 2006. "Reverse logistics practices in the glass sector in Spain and Belgium," International Business Review, Elsevier, vol. 15(5), pages 527-546, October.
    18. Adel R. Haedr & Messaoud Mehafdi, 2017. "Accounting for Management Control in Large Libyan Companies," Athens Journal of Business & Economics, Athens Institute for Education and Research (ATINER), vol. 3(3), pages 279-304, July.
    19. Al Quhtani Masoud, 2017. "Data Mining Usage in Corporate Information Security: Intrusion Detection Applications," Business Systems Research, Sciendo, vol. 8(1), pages 51-59, March.
    20. Waidi Adeniyi Akingbad, 2014. "Competitive Strategies and Improved Performance of Selected Nigeria Telecommunication Companies," Journal of Entrepreneurship, Management and Innovation, Fundacja Upowszechniająca Wiedzę i Naukę "Cognitione", vol. 10(4), pages 143-167.


    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.