University of Twente Student Theses

Security by decision-making : a decision-making capability model for security countermeasures

Koridon, M.S. (2019) Security by decision-making : a decision-making capability model for security countermeasures.

Abstract: In organisations, decision-making about choosing the right security countermeasure to mitigate risks is a complex task. In order to aid organisations in establishing a decision-making process that enables them to make the right choice of countermeasures, this research introduces the Decision-Making Capability Model for Security Countermeasures. Through a systematic literature review of 500 papers, a study of 6 maturity capability models and interviews with 5 security consultants, a list of important decision-making factors has been compiled. This list was discussed with 12 decision-makers from practice in a three-round Delphi study. Based on the Delphi study, the Decision-Making Capability Model for Security Countermeasures has been produced. The model consists of 8 factors that should be included in the decision-making process about countermeasures. An example of a factor that was found is ’Comply to laws, regulations and contracts’. Together, the factors describe all aspects of the decision-making process about security countermeasures. To validate the model, two interviews with security consultants and two case studies about the Decision-Making Capability Model for Security Countermeasures have been carried out. This has demonstrated the value of the capability model for self-assessment of the organisation's decision-making process in order to improve that process. Furthermore, the model presents an accurate view of the capability of the organisation. The model can be further improved by adding an answer in between ‘Yes’ and ‘No’ in order to make the results of the model less harsh and better suited to organisations. In addition to improving this capability model, research should look into the decision-making process of different organisations to understand them even better. This understanding can lead to a better fit between the models created in research and the use practice has for them.
The main contribution of this research is a model that can assess and help improve the decision-making process about security countermeasures. Combining academic and practical sources provided a comprehensive view of the decision-making process about countermeasures and the important factors that should be taken into account in this process. Eventually, this process can provide effective security countermeasures and improved information security for the organisation.
Item Type: Essay (Master)
Clients: Northwave, Nieuwegein, Netherlands
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 50 technical science in general, 54 computer science
Programme: Business Information Technology MSc (60025)
Link to this item: https://purl.utwente.nl/essays/79588