A structured comparison of the information security maturity level
- Introduction
The main problem is that it is not feasible to measure information security directly. To get an estimate, you therefore have to measure something that can be measured reliably. Information security can be assessed by applying a maturity model, and with the maturity model you assess the level of controls (according to ISO/IEC 27001:2013). This level is not necessarily equivalent to the level of security. Nevertheless, evaluating the level of information security maturity in companies has been a major challenge for years. Although many studies have been conducted to address these challenges, there is still a lack of research that properly analyzes these assessments. The primary objective of this study is to show how to use the analytic hierarchy process (AHP) to compare the maturity levels of companies within an industry in order to rank these companies.
- Thesis Objective
The objective of this thesis is to focus on the details of implementing this model with the AHP across a variety of different examples, as well as to work on a more expanded decision hierarchy with an additional level of sub-criteria (in this case the ISO control objectives).
Furthermore, it would be possible to add tangible and practical assets (real data of an enterprise, e.g. web servers, data servers etc.) to the decision hierarchy in order to validate the AHP using a concrete example.
- Expected Results
• Expanded AHP decision hierarchy with more ISO norm-controls
• Simplistic ranking of the companies to be evaluated
• Listing of some weaknesses of the AHP
- Expected Knowledge
• Basic statistical data evaluation (R, YAML, ...)
- Extension to Master Thesis
It is possible to extend the topic of this thesis in several directions to fulfill the requirements of a master thesis. If you are looking for a master thesis and are interested in this topic, don't hesitate to contact us so that we can discuss the extensions.
- Contact
Dr. Sebastian Pape
Chair of Mobile Business and Multilateral Security, Goethe University Frankfurt
Email: sebastian[dot]pape[at]m-chair[dot]de
Michael Schmid, MBA, Doctoral Candidate
Chair of Mobile Business and Multilateral Security, Goethe University Frankfurt
Email: michael[dot]schmid[at]m-chair[dot]de


