The Information Security Maturity Model (ISMM)

Learning how to model security problem and evaluate operational information security and its financial implications can be a challenging task. The challenge is basically due to the complexity of information security and it represents a problematic issue in today's computing. In attempting to tackle such an issue we offer security professionals and academic researchers a new tool called the ISMM model as a result of a structured research methodology that takes into account both of the quantitative and qualitative research approaches to validate the proposed work. The ISMM model is neither based on a specific technology or product nor a particular business process but rather an engineering approach towards controlled and efficient implementation of these elements. The model has the following characteristics: 1) it bounds the security problem and defines its conceptual perimeters 2) a layered architecture 3) integrative in terms of security layers controls and processes and yet 4) independent of security controls and threats. Such properties are believed significant to offer plausible tools for various evaluation purposes in information security engineering practices.