AIM Triad: A Prioritization Strategy for Public Institutions to Improve Information Security Maturity

Hochstetter-Diez, Jorge; Dieguez-Rebolledo, Mauricio; Fenner-Lopez, Julio; Cachero, Cristina

Abstract

In today's world, private and government organizations are legally obligated to prioritize their information security. They need to provide proof that they are continually improving their cybersecurity compliance. One approach that can help organizations achieve this goal is implementing information security maturity models. These models provide a structured framework for measuring performance and implementing best practices. However, choosing a suitable model can be challenging, requiring cultural, process, and work practice changes. Implementing multiple models can be overwhelming, if possible. This article proposes a prioritization strategy for public institutions that want to improve their information security maturity. We thoroughly analyzed various sources through systematic mapping to identify critical similarities in information security maturity models. Our research led us to create the AIM (Awareness, Infrastructure, and Management) Triad. This triad is a practical guide for organizations to achieve maturity in information security practices.

Más información

Título según WOS: AIM Triad: A Prioritization Strategy for Public Institutions to Improve Information Security Maturity
Título de la Revista: APPLIED SCIENCES-BASEL
Volumen: 13
Número: 14
Editorial: MDPI
Fecha de publicación: 2023
DOI:

10.3390/app13148339

Notas: ISI