A novel administration model for managing and organising the heterogeneous information security policy field
Information security policy (ISP) plays a crucial role in maintaining the availability, confidentiality, and integrity of sensitive data. However, it is of high complexity and heterogeneity due to the variety and redundancy of security policy practices and complexity of organisational systems. Vario...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Multidisciplinary Digital Publishing Institute (MDPI)
2023
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/105129/1/ArafatMohammedRashad2023_ANovelAdministrationModelforManagingandOrganising.pdf http://eprints.utm.my/105129/ http://dx.doi.org/10.3390/app13179703 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Teknologi Malaysia |
| Language: | English |
| id |
my.utm.105129 |
|---|---|
| record_format |
eprints |
| spelling |
my.utm.1051292024-04-07T03:54:55Z http://eprints.utm.my/105129/ A novel administration model for managing and organising the heterogeneous information security policy field Alotaibi, Fahad Mazaed Al-Dhaqm, Arafat Yafooz, Wael M. S. Al-Otaibi, Yasser D. QA75 Electronic computers. Computer science Information security policy (ISP) plays a crucial role in maintaining the availability, confidentiality, and integrity of sensitive data. However, it is of high complexity and heterogeneity due to the variety and redundancy of security policy practices and complexity of organisational systems. Various and duplicate ISP models and frameworks have been offered in the literature. The duplicate security policy practices, procedures, and processes in the existing models have made ISP disorganised, unstructured, and unclear to organisational users. As a result, there is still a need for a standardised and integrated model to make it simpler to share, manage, and reuse ISP practices amongst the organisations. The main objective of this study is to construct a metamodel to unify, organise, and structure ISP practices. By identifying, recognising, extracting, and combining the common information security policy practices from various ISP models in a built ISP metamodel called ISPM, we seek to make it simple for users and field specialists to derive/instantiate security policy models for their organisations. The development and validation process of the ISPM is based on the common security frameworks such as ISO 27001 frameworks. The developed ISPM consists of 19 common security practices: organisation, risk management, access control policy, edit, review, compliance, business management, backup and recovery, incident response, SETA program, security awareness, security training, security education, email security policy, cloud security policy, network security policy, website security policy, physical security policy, and privacy security policy. Each common security practice consists of several operations and attributes. The performance of the developed ISPM was compared to that of other models to evaluate its completeness and logicalness. Using ISO 27001 as a framework, the findings confirmed the comprehensiveness of ISPM. Therefore, it can contribute to organisations’ security by helping them to develop their own security policy models. Multidisciplinary Digital Publishing Institute (MDPI) 2023 Article PeerReviewed application/pdf en http://eprints.utm.my/105129/1/ArafatMohammedRashad2023_ANovelAdministrationModelforManagingandOrganising.pdf Alotaibi, Fahad Mazaed and Al-Dhaqm, Arafat and Yafooz, Wael M. S. and Al-Otaibi, Yasser D. (2023) A novel administration model for managing and organising the heterogeneous information security policy field. Applied Sciences (Switzerland), 13 (17). pp. 1-18. ISSN 2076-3417 http://dx.doi.org/10.3390/app13179703 DOI : 10.3390/app13179703 |
| institution |
Universiti Teknologi Malaysia |
| building |
UTM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Malaysia |
| content_source |
UTM Institutional Repository |
| url_provider |
http://eprints.utm.my/ |
| language |
English |
| topic |
QA75 Electronic computers. Computer science |
| spellingShingle |
QA75 Electronic computers. Computer science Alotaibi, Fahad Mazaed Al-Dhaqm, Arafat Yafooz, Wael M. S. Al-Otaibi, Yasser D. A novel administration model for managing and organising the heterogeneous information security policy field |
| description |
Information security policy (ISP) plays a crucial role in maintaining the availability, confidentiality, and integrity of sensitive data. However, it is of high complexity and heterogeneity due to the variety and redundancy of security policy practices and complexity of organisational systems. Various and duplicate ISP models and frameworks have been offered in the literature. The duplicate security policy practices, procedures, and processes in the existing models have made ISP disorganised, unstructured, and unclear to organisational users. As a result, there is still a need for a standardised and integrated model to make it simpler to share, manage, and reuse ISP practices amongst the organisations. The main objective of this study is to construct a metamodel to unify, organise, and structure ISP practices. By identifying, recognising, extracting, and combining the common information security policy practices from various ISP models in a built ISP metamodel called ISPM, we seek to make it simple for users and field specialists to derive/instantiate security policy models for their organisations. The development and validation process of the ISPM is based on the common security frameworks such as ISO 27001 frameworks. The developed ISPM consists of 19 common security practices: organisation, risk management, access control policy, edit, review, compliance, business management, backup and recovery, incident response, SETA program, security awareness, security training, security education, email security policy, cloud security policy, network security policy, website security policy, physical security policy, and privacy security policy. Each common security practice consists of several operations and attributes. The performance of the developed ISPM was compared to that of other models to evaluate its completeness and logicalness. Using ISO 27001 as a framework, the findings confirmed the comprehensiveness of ISPM. Therefore, it can contribute to organisations’ security by helping them to develop their own security policy models. |
| format |
Article |
| author |
Alotaibi, Fahad Mazaed Al-Dhaqm, Arafat Yafooz, Wael M. S. Al-Otaibi, Yasser D. |
| author_facet |
Alotaibi, Fahad Mazaed Al-Dhaqm, Arafat Yafooz, Wael M. S. Al-Otaibi, Yasser D. |
| author_sort |
Alotaibi, Fahad Mazaed |
| title |
A novel administration model for managing and organising the heterogeneous information security policy field |
| title_short |
A novel administration model for managing and organising the heterogeneous information security policy field |
| title_full |
A novel administration model for managing and organising the heterogeneous information security policy field |
| title_fullStr |
A novel administration model for managing and organising the heterogeneous information security policy field |
| title_full_unstemmed |
A novel administration model for managing and organising the heterogeneous information security policy field |
| title_sort |
novel administration model for managing and organising the heterogeneous information security policy field |
| publisher |
Multidisciplinary Digital Publishing Institute (MDPI) |
| publishDate |
2023 |
| url |
http://eprints.utm.my/105129/1/ArafatMohammedRashad2023_ANovelAdministrationModelforManagingandOrganising.pdf http://eprints.utm.my/105129/ http://dx.doi.org/10.3390/app13179703 |
| _version_ |
1797905946933985280 |