A Conceptual Model to Assess the Maturity of Information Security Audit Process

Authors

Anwar M.J., Gill A.Q., Proper H.A.

Reference

CEUR Workshop Proceedings, vol. 3298, 2022

Description

One of the critical aspects of information security management is the security audit, both internal and external audits. The fundamental challenge for organisations is the effective design and implementation of the information security audits to better understand their information security capability. In this paper, we present insights from an action design research (ADR) project and propose a conceptual model to assess the maturity of security audit processes. The results of this research can be used to create an improvement plan, which will guide organisations to reach their target process maturity level. The maturity model proposed in this paper was evaluated by way of feedback workshops in the target organization. The model forms the basis for future work for generalising the research into a formal reference architecture (involving models and principles) for audit process maturity.
