University of Twente Student Theses


Research on why Dutch Public Organizations fail to grow to sufficient maturity levels in information security

Coskun, M. (2022) Research on why Dutch Public Organizations fail to grow to sufficient maturity levels in information security.

[img] PDF
Abstract:The goal of this research is to gather knowledge about factors that play a role within Dutch Public Organizations, that disables these organizations to make further progress and grow in maturity within information security to prevent data breaches and hackings. The research question is: “Why are Dutch Public Organizations failing to get their information security on sufficient maturity levels and what could they do in their approach to information security practices to increase these levels?” A qualitative study with semi-structured interviews was conducted with different people from different types of organizations. The first group consisted of 3 IT-auditors working at a respected accounting firm. The second group consisted of 7 people considered experts on information security matters since all of them work at Dutch municipalities in the role of Chief Information Security Officer or Team Manager Information. Through thematic content analysis all interviews were analysed after transcription and the most frequent mentioned factors in struggling with information security maturity levels have been identified. It was found that there is no one unanimous reason for why Dutch Public Organizations are not growing in maturity. There are multiple factors present which play a role in hindering Dutch Public Organizations in growing in information security maturity levels. These factors and elements variate and differ from an external IT auditor viewpoint compared to internal viewpoints of the participating respondents such as CISO’s. Since this research is focused on factors and reasons that hinder growth in maturity from two perspectives, it can be concluded that these views do not deviate much. Therefore it also can be concluded that the most important elements that hinder growth are capacities based on different grounds, such as expertise, staff and a lack of time. Additionally, there is lack of fulfillment of PDCA cycles which ensures there is no sufficient evaluation or monitoring in measures taken. Furthermore, it can be concluded that a lot of processes are not yet defined which translates in lack of knowledge about roles and responsibilities.
Item Type:Essay (Master)
Faculty:BMS: Behavioural, Management and Social Sciences
Subject:01 general works
Programme:Business Administration MSc (60644)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page