An assessment model of information security implementation levels

Information security is very important as it serves to protect an organisation from any threats and risks by ensuring the information is always safe to be accessed, reliable and confidentially protected. In order to ensure information security, organisations normally introduce policies and guidelines which are made available to all members. Despite this effort however, security threats on organisations´ information still occur. One of the reasons is because organisations are not aware of the information security levels that they practise. This paper discusses a measurement model for assessing information security implementation levels in organisations. The model consists of three maturity levels that determine the degrees of which information security is addressed in an organisation. The levels contain several factors that are necessary for ensuring information security. The study used Systematic Literature Review (SLR) as the instruments to determine the appropriate measurement parameters. The identified parameters were combined with general models and measurement standards of information security. The model can be used by organisations to determine their levels of maturity in ensuring the security of their information. This enables them to improve their current information security practices.