To build an information systems (IS) security controls integration and implementation roadmap for optimal security maturity

Date
2023
Authors
Akerele, Iretioluwa
Publisher
University College Cork
Abstract
With the advancement of technology for conducting business, organisations rely on information technology (IT) and information systems (IS) to enhance their business and create new opportunities. The main security goal of organisations globally is to reduce threats and vulnerabilities before they become a potential risk. As the world is connected digitally and IS security threats are unending, it is necessary for organisations to implement IS security controls to enhance their security posture and to protect their intellectual property and sensitive data. New and emerging technologies have led to the introduction of security tools and solutions to reduce the potential risks of cyber threats and attacks. To contribute to literature and industry practice by addressing the gaps in the IS community and enhancing organisations' security posture to reduce potential risks, this research aims to build an IS security controls integration and implementation roadmap for optimal security maturity. The roadmap consists of six steps to guide organisations to identify their IS security controls, prioritise and use the controls, integrate the controls and implement actions where necessary. To achieve the above objective, the researcher adopted the interpretivist paradigm and a qualitative approach to gather in-depth insights into the gaps and current practice in the IS security domain. The qualitative approach used in this research comprises four methods: surveys, interviews, focus group sessions and document analysis. An initial assessment was conducted with 55 IS security professionals using a survey to ascertain the types of IS security controls used in their organisations. A field study was conducted with key informants in IS security across 13 sectors to ensure comprehensive data gathering that captures the richness of the findings.
A focus group session was also conducted with 8 IS security practitioners to validate the outcome of some of the IS security controls from the interviews. In addition, best practice documentation was reviewed, analysed, and compared with the IS security controls identified in this research. The findings of this research are summarised as follows. (i) There is a lack of synergy between the IS academic community and industry practice in the research and usage of IS security controls. This finding was presented using an IS security landscape and framework. (ii) The integration of IS security controls shows that there are high and low priority controls in organisations. There are several limitations affecting the full integration of controls, including cost, organisational sector, size, and context. (iii) The design of security solutions is affected by challenges such as security incidents and compliance issues. Additionally, some good practices that have helped organisations in designing security solutions were identified. The good practices are linked to the controls required for effective IS security implementation. This research contributes to the IS security literature by investigating the current state of the IS community with regard to information security and IS security; suggesting a balance between research and practice to tackle the prevalent threats in information security; identifying the domain areas in academic literature where more work is required and making suggestions to the IS community to contribute to these areas in solving the bigger information security challenges faced across sectors. A final contribution of this research is an IS security roadmap that shows the integration of the IS security controls using a six-step process. The IS security roadmap addresses the research questions and overall objective of the research. The researcher proposes that the roadmap is applicable to any organisation, irrespective of its size and sector.
Keywords
Information security, Roadmap, Optimal maturity, Security controls
Citation
Akerele, I. 2023. To build an information systems (IS) security controls integration and implementation roadmap for optimal security maturity. PhD Thesis, University College Cork.