A Conceptual Model to Assess the Maturity Of Information Security Audit Process

Anwar, M; Gill, A; Proper, H

A Conceptual Model to Assess the Maturity Of Information Security Audit Process

Anwar, M

Gill, A

Proper, H

Permalink

Publisher:: CEUR
Publication Type:: Conference Proceeding
Citation:: CEUR Workshop Proceedings, 2022, 3298
Issue Date:: 2022-12-07

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Published versionAdobe PDF (656.17 kB)

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Anwar, M https://orcid.org/0000-0001-5438-8811
dc.contributor.author	Gill, A https://orcid.org/0000-0001-6239-6280
dc.contributor.author	Proper, H
dc.date	2022-11-23
dc.date.accessioned	2023-04-18T01:48:45Z
dc.date.available	2023-04-18T01:48:45Z
dc.date.issued	2022-12-07
dc.identifier.citation	CEUR Workshop Proceedings, 2022, 3298
dc.identifier.issn	1613-0073
dc.identifier.uri	http://hdl.handle.net/10453/169881
dc.description.abstract	One of the critical aspects of information security management is the security audit, both internal and external audits. The fundamental challenge for organisations is the effective design and implementation of the information security audits to better understand their information security capability. In this paper, we present insights from an action design research (ADR) project and propose a conceptual model to assess the maturity of security audit processes. The results of this research can be used to create an improvement plan, which will guide organisations to reach their target process maturity level. The maturity model proposed in this paper was evaluated by way of feedback workshops in the target organization. The model forms the basis for future work for generalising the research into a formal reference architecture (involving models and principles) for audit process maturity.
dc.language	en
dc.publisher	CEUR
dc.relation.ispartof	CEUR Workshop Proceedings
dc.relation.ispartof	Practice of Enterprise Modelling 2022 Workshops and Models at Work
dc.relation.ispartofseries	CEUR Workshop Proceedings
dc.rights	info:eu-repo/semantics/openAccess
dc.title	A Conceptual Model to Assess the Maturity Of Information Security Audit Process
dc.type	Conference Proceeding
utslib.citation.volume	3298
utslib.location.activity	London, UK
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Strength - GBDTC - Global Big Data Technologies
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	open_access	*
pubs.consider-herdc	false
dc.date.updated	2023-04-18T01:48:44Z
pubs.finish-date	2022-11-25
pubs.publication-status	Published online
pubs.start-date	2022-11-23
pubs.volume	3298

Abstract:

One of the critical aspects of information security management is the security audit, both internal and external audits. The fundamental challenge for organisations is the effective design and implementation of the information security audits to better understand their information security capability. In this paper, we present insights from an action design research (ADR) project and propose a conceptual model to assess the maturity of security audit processes. The results of this research can be used to create an improvement plan, which will guide organisations to reach their target process maturity level. The maturity model proposed in this paper was evaluated by way of feedback workshops in the target organization. The model forms the basis for future work for generalising the research into a formal reference architecture (involving models and principles) for audit process maturity.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/169881