University of Twente Student Theses
Security by decision-making : a decision-making capability model for security countermeasures
Koridon, M.S. (2019) Security by decision-making : a decision-making capability model for security countermeasures.
|
PDF
9MB |
| Abstract: | In organisations, decision-making about choosing the right security countermeasure to mitigate risks is a complex task. In order to aid organisations in establishing a decision-making process that enables them to make the right choice for countermeasures, this research introduces the Decision-Making Capability Model for Security Countermeasures. Through a systematic literature review of 500 papers, a study of 6 maturity capability models and interviews with 5 security consultants a list with important decision-making factors has been compiled. This list is discussed with 12 decision-makers from practice in a three-round Delphi study. Based on the Delphi study, the Decision-Making Capability Model for Security Countermeasures has been produced. The model consists of 8 factors that should be included in the decision-making process about countermeasures. An example of a found factor is ’Comply to laws, regulations and contracts’. The combination of factors describe all aspects of the decision-making process about security countermeasures. To validate the model, two interviews with security consultants and two case studies about the Decision-Making Capability Model for Security Countermeasures been carried out. This has demonstrated the value of the capability model for self-assessment of the decision-making process of the organisation in order to improve the decision-making process. Furthermore, the model presents an accurate view of the capability of the organisation. The model can further be improved by adding an answer in between ‘Yes’ and ‘No’ in order to make the results of the model less harsh and more fitted towards organisations. In addition to improving this capability model, research should look into the decision-making process of different organisations to understand them even better. This understanding can lead to an improved fit of the models created in research and the use practice has for them. The main contribution of this research is a model that can assess and help improve the decision-making process about security countermeasures. Combining academic and practical sources provided a comprehensive view on the decision-making process about countermeasures and the important factors that should be taken into account in this process. Eventually, this process can provide effective security countermeasures and an improved information security of the organisation. |
| Item Type: | Essay (Master) |
| Clients: | Northwave, Nieuwegein, Netherlands |
| Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
| Subject: | 50 technical science in general, 54 computer science |
| Programme: | Business Information Technology MSc (60025) |
| Link to this item: | https://purl.utwente.nl/essays/79588 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page