Regulation-based information security maturity assessment framework

Date of Publication

2022

Document Type

Master's Thesis

Degree Name

Master in Information Security

Subject Categories

Information Security

College

College of Computer Studies

Department/Unit

Computer Technology

Thesis Advisor

Marnel S. Peradilla

Defense Panel Chair

Gregory Cu

Defense Panel Member

Raymond Nunez
Danny C. Cheng

Abstract/Summary

The COVID-19 pandemic has spurred organizations, including those in the banking industry, to move up their digitalization timelines to cope with and address the challenges and the emerging need for technology-enabled services. However, the rapid shift in technology adoption also opened an avenue for threats as banks introduced new technologies coinciding with their security transformation initiatives. Equally, bank examiners face the same challenge in assessing and evaluating the Bank’s information security maturity as they also experience the precipitous technology adaptions and implementations.

This capstone project proposes a regulation-based standard and objective approach for evaluating information security management maturity. The structured and comprehensive assessment framework addresses the varying perspectives and examiner experience confines in maturity assessments and information security. From a macro viewpoint, the results shall provide a banking sector maturity to contribute to the Bangko Sentral ng Pilipinas (BSP) regulation issuances, IT, and digital innovation initiatives.

The proposed framework is anchored by BSP Circular 982, which provides enhanced guidelines for information security management. Globally accepted standards and regulations of other jurisdictions were evaluated and synthesized during the framework design. The proposed framework was validated by experts with more than 50 years of collective experience. The evaluation covered five (5) thematic areas: Maturity Tiers, Activities/Tasks, Understandability, Ease of Use, and Applicability and Practicality.

Validation results found the proposed maturity assessment framework applicable and practical, easy to use, and easy to understand. In addition, recommendations were given on the maturity tiers and activities/tasks to help enhance the clarity and delineation amongst the tiers and activities/tasks. The experts unanimously affirmed that the proposed maturity assessment framework adequately covers the BSP Circular 982 objectives and is successfully integrated with globally accepted standards and maturity assessment frameworks.

Abstract Format

html

Language

English

Format

Electronic

Physical Description

xii, 99 leaves

Keywords

Information storage and retrieval systems—Risk management

This document is currently not available here.
