Abstract

Business processes are supported by information technologies, although many processes and information systems were not designed to be secure. The lack of a security evaluation method might expose organizations to several risky situations. This work presents an information security maturity management process which uses a measurement method and a set of controls which treat information security on a comprehensive way. The results indicate that the method is efficient for evaluating the current state of information security, to support information security management, risks identification, the improvement of business processes and internal control processes.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.