Improving the Maturity of Business Information Security

IT Security is becoming more complex and is changing more rapidly. It has implications beyond the IT field, touching all the essential aspects of companies' governance, management and operations. Since businesses increasingly rely on information and their supporting processes Information Security is more and more seen as part of Business Administration in close collaboration with key stakeholders that subsequently benefit the well-being of the firm. We therefore refer to the term "Business Information Security" (BIS). The causes of the many security incidents that take place are very diverse, as are the strategies that have been chosen to keep them manageable.

The main problem we aim to tackle in this research project is, on the one hand to contribute to the required knowledge sharing, build consensus on the priorities (where to start), create the necessary engagement among stakeholders and make informed decisions to achieve objectives. In this book we refer to the collective term "Collaboration". And on the other hand we determine key concepts that underpin Maturing Business Information Security (MBIS) and practices that support the required analytical- and administrative work without reinventing the wheel. The main question answered in this book is "How can we establish a collaborative analysis method which utilises best practices for improving the maturity of BIS?"

This study has benefited from enthusiastic co-operation from many parties and has resulted in a method that enables collaboration and administration to improve the Maturity of Business Information Security. That aligns business with information security and is tested in practical environments. The produced artefact can utilize industry best practices and has the required functionalities that contribute in the improvement of BIS.

Furthermore this research project gives insights in practices, enablers and critical success factors for BIS that organisations can incorporate in their business and encourages other academics to do further research on.

Dr. Yuri Bobbert MSc CISM CISA SCF is the global Chief Information Security Officer (CISO) at NN-Group N.V. and the former ad interim CISO of UWV (Government - Financial services). Prior to his role as an interim CISO he served for 10 years as CEO of a consulting firm. Bobbert is visiting professor at Antwerp University, Antwerp Management School and author of several books and publications in Business Information Security Governance and Management.