Security in Modern Business: Security Assessment Model for Information Security Practices

From my previous field research, I found that most of the organizations have very poor security practices. Some organizations may be aware of the consequences of information security breaches, but would rather take the risk. Some are not knowledgeable enough and partly because they have very limited resources to allocate in areas that return no benefits. Some of them may think that their business partners will help to protect their information. As a result, this is a kind of “I don’t care about what you care about” practice. In other words, natures of these loopholes have been investigated and explored. The next thing is to find solutions to fill this security gap. Building on the findings of previous research, this paper identifies the prescriptions that will reduce business information vulnerability. I first review the current information security models or frameworks, all of which have shortcomings, and then discuss ISO9000 and the Capability Maturity Model, which can solve some of the problems that arise from business information vulnerability. To fill the solution gap, I finally develop a new security assessment model. Due to space limitation, details of this assessment model development processes will be discussed in my other research paper.