Determining Information Security Maturity Level of an organization based on ISO 27001
Abstract
Technology adoption is a critical component of organizational success. The continued and rapid advancement of technology, driven especially by the need for employees to use their personal devices, presents both a major opportunity and a challenge for enterprises: adversaries have taken advantage of the widening cyberspace to attack information and information systems. Our study provides a solution by designing a model to compute the information security maturity of universities. The research is based on ISO 27001 and involves the specific clauses relevant to universities. Universities were chosen because of their unique, ecocentric organizational nature, with varied categories of users and extensive research, which makes them a plausible area for study compared to other organizations. The cumulative factors considered varied statistically in their contribution to the maturity model. The model is then designed considering the different information security levels of compliance suggested by ISO 27001. The study adopted a design research approach to arrive at the model design.