Maturity Level of Information Systems Security and Control: A Survey of Companies in Thailand

Abstract

The objective of this study is to survey companies’ information systems security and control, and todevelop a maturity level of information systems security and control application. This application shows a company’s position of information systems security and control by comparing this position with other companies. This study is survey research. Participants are chief information security officers of 304 Stock Exchange of Thailand listed companies within eight industry groups (services, property and construction, industrials, financials, agriculture and food industry, consumer products, technology, and natural resources). The findings suggest that all companies are aware of security of network access control. Many companies also implement information security policies, asset management systems, and access controls for data, information systems and business applications.