Improving the maturity of business information security. On the design and engineering of a business information security artefact

Date: 2 July 2018

Venue: Radboud University Nijmegen, Aula - Comeniuslaan 2 - 6525 HP Nijmegen

Time: 4:30 PM

PhD candidate: Yuri Bobbert

Principal investigator: Prof Steven De Haes, Prof Hans Mulder (AMS), Prof Erik Proper (Radboud University)

Short description: PhD defence Yuri Bobbert - Faculty of Applied Economics


IT Security is becoming more complex and is changing more rapidly. It has implications beyond the IT field, touching all the essential aspects of companies’ governance, management and operations. Since businesses increasingly rely on information and their supporting processes Information Security is more and more seen as part of Business Administration in close collaboration with key stakeholders that subsequently benefit the well-being of the firm. We therefor refer to the term “Business Information Security” (BIS). The causes of the many security incidents that take place are very diverse, as are the strategies that have been chosen to keep them manageable.

The main problem we aim to tackle in this research project is, on the one hand to contribute to the required knowledge sharing, build consensus on the priorities (where to start), create the necessary engagement among stakeholders and make informed decisions to achieve objectives. In this book we refer to the collective term “Collaboration”. And on the other hand we determine the concepts that underpin Maturing Business Information Security (MBIS) and practices that support the required analytical- and administrative work without reinventing the wheel. The main question answered in this book is “How can we establish a collaborative analysis method which utilises best practices for improving the maturity of BIS?”

This study has benefited from enthusiastic co-operation from many parties and has resulted in a method that enables collaboration and administration to improve the Maturity of Business Information Security. That aligns business with information security and is tested in practical environments. The produced artefact can utilize industry best practices and has the required functionalities that contribute in the improvement of BIS.

Furthermore this research project gives insights in practices, enablers and critical success factors for BIS that organisations can incorporate in their business and encourages other academics to do further research on.