On Improving the Maturity of Business Information Security

IT Security is becoming more complex and is changing more rapidly. It has implications beyond the IT field, touching all the essential aspects of companies' governance, management, and operations. Since businesses increasingly rely on information and their supporting processes, Information Security is more and more seen as part of Business Administration in close collaboration with key stakeholders that subsequently benefit the well-being of the firm. We therefore refer to the term "Business Information Security" (BIS). The causes of the many security incidents that take place are very diverse, as are the strategies that have been chosen to keep them manageable. The main problem we aim to tackle in this research project is, on the one hand, to contribute to the required knowledge sharing, build consensus on the priorities (where to start), create the necessary engagement among stakeholders, and make informed decisions to achieve objectives. In this book, we refer to the collective term "Collaboration." And on the other hand, we determine key concepts that underpin Maturing Business Information Security (MBIS) and practices that support the required analytical and administrative work without reinventing the wheel. The main question answered in this book is "How can we establish a collaborative analysis method which utilizes best practices for improving the maturity of BIS?" This study has benefited from enthusiastic cooperation from many parties and has resulted in a method that enables collaboration and administration to improve the Maturity of Business Information Security. That aligns business with information security and is tested in practical environments. The produced artifact can utilize industry best practices and has the required functionalities that contribute to the improvement of BIS. Furthermore, this research project gives insights into practices, enablers, and critical success factors for BIS that organizations can incorporate into their business and encourages other academics to do further research on.