On January 21 at 11:00 a.m., the defense of Frank Moses' dissertation on “Procedural Model for the Adoption of ISMS in Small Public Sector Organizations” will take place in room 001 (Konrad-Zuse-Haus).
Abstract
Threats from cyberspace are increasing more and more. These threats affect not only companies but also administrations. The automated processing of information and data now plays a crucial role in fulfilling tasks in local governments. The complexity of information technology, the increasing degree of networking, and the dependence on ITsupported processes require that the security of information technology has an ever-higher priority. Due to the increased dependence on modern ICT, the risk of information infrastructures being impaired by deliberate attacks from within and outside, negligent actions, ignorance, or technical failure has increased significantly, both qualitatively and quantitatively. Small local governments face the same risks as large organisations but are more vulnerable at any given time due to reduced resources.
Previous research work focuses on the framework conditions of the corporate environment. These frameworks cannot transfer to administrations without revision, and thus, provided concepts, strategies, or even recommendations for action were not suitable to the requirements of governments.
This thesis develops, describes and evaluates a procedural model with a supporting software component for developing and establishing an information security management system for the target group of small local governments.
In this way, the framework conditions, designs and effects of implementing the process model can be shown and examined both in science and practice. The procedural model was tested on 24 test subjects under natural conditions and extended to other clients over time.
The overall development of the concept was implemented with the help of data mining tools to react proactively to changes in the environment and threat scenarios from cyberspace and thus ensure the organisation's resilience in the long term.
The thesis uses a design science approach as an overarching research paradigm. In summary, implications, limitations and possibilities for future research are derived.