Information Security Management in Small Public Sector Organizations: Requirements and Design of a Procedural Approach
The increasing digitalization of enterprises and public authorities has resulted in the growing importance of information technology in everyday operations. In this context, an information security management system (ISMS) has become an essential aspect for most organizations. The dependency on tech...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Riga Technical University
2023-12-01
|
| Series: | Complex Systems Informatics and Modeling Quarterly |
| Subjects: | |
| Online Access: | https://csimq-journals.rtu.lv/article/view/8092 |
| _version_ | 1797367166642683904 |
|---|---|
| author | Frank Moses Kurt Sandkuhl |
| author_facet | Frank Moses Kurt Sandkuhl |
| author_sort | Frank Moses |
| collection | DOAJ |
| description | The increasing digitalization of enterprises and public authorities has resulted in the growing importance of information technology in everyday operations. In this context, an information security management system (ISMS) has become an essential aspect for most organizations. The dependency on technology for almost every single process in an organization has put ISMS at the top of the corporate agenda of public sector organizations. For public organizations in particular, the NIS 2 Directive describes abstract requirements for the development of an ISMS. On the other hand, only a few public administrations operate an ISMS. In this context, this article analyses the requirements of the NIS-2 Directive and complements them with the obstacles and reasons for success in the introduction of ISMS in small public sector organizations (SPSO). At the same time, minimum requirements should be defined that help municipal administration set up an ISMS quickly and easily. This article summarizes the different requirements and generates a foundation for a rough procedural model, for implementing the upcoming requirements of the NIS 2 Directive in local governments. The article also presents the conceptual design of the procedural model. |
| first_indexed | 2024-03-08T17:13:27Z |
| format | Article |
| id | doaj.art-fd1a00b86966412a8098407989ec654f |
| institution | Directory Open Access Journal |
| issn | 2255-9922 |
| language | English |
| last_indexed | 2024-03-08T17:13:27Z |
| publishDate | 2023-12-01 |
| publisher | Riga Technical University |
| record_format | Article |
| series | Complex Systems Informatics and Modeling Quarterly |
| spelling | doaj.art-fd1a00b86966412a8098407989ec654f2024-01-03T18:27:32ZengRiga Technical UniversityComplex Systems Informatics and Modeling Quarterly2255-99222023-12-01037546810.7250/csimq.2023-37.033427Information Security Management in Small Public Sector Organizations: Requirements and Design of a Procedural ApproachFrank Moses0Kurt Sandkuhl1University of Rostock, Albert-Einstein-Str. 22, 18059 RostockUniversity of Rostock, Albert-Einstein-Str. 22, 18059 Rostock, Germany and Jönköping University, Box 1026, 55111 Jönköping, SwedenThe increasing digitalization of enterprises and public authorities has resulted in the growing importance of information technology in everyday operations. In this context, an information security management system (ISMS) has become an essential aspect for most organizations. The dependency on technology for almost every single process in an organization has put ISMS at the top of the corporate agenda of public sector organizations. For public organizations in particular, the NIS 2 Directive describes abstract requirements for the development of an ISMS. On the other hand, only a few public administrations operate an ISMS. In this context, this article analyses the requirements of the NIS-2 Directive and complements them with the obstacles and reasons for success in the introduction of ISMS in small public sector organizations (SPSO). At the same time, minimum requirements should be defined that help municipal administration set up an ISMS quickly and easily. This article summarizes the different requirements and generates a foundation for a rough procedural model, for implementing the upcoming requirements of the NIS 2 Directive in local governments. The article also presents the conceptual design of the procedural model.https://csimq-journals.rtu.lv/article/view/8092hindering factorsrequirementsinformation securityisms |
| spellingShingle | Frank Moses Kurt Sandkuhl Information Security Management in Small Public Sector Organizations: Requirements and Design of a Procedural Approach Complex Systems Informatics and Modeling Quarterly hindering factors requirements information security isms |
| title | Information Security Management in Small Public Sector Organizations: Requirements and Design of a Procedural Approach |
| title_full | Information Security Management in Small Public Sector Organizations: Requirements and Design of a Procedural Approach |
| title_fullStr | Information Security Management in Small Public Sector Organizations: Requirements and Design of a Procedural Approach |
| title_full_unstemmed | Information Security Management in Small Public Sector Organizations: Requirements and Design of a Procedural Approach |
| title_short | Information Security Management in Small Public Sector Organizations: Requirements and Design of a Procedural Approach |
| title_sort | information security management in small public sector organizations requirements and design of a procedural approach |
| topic | hindering factors requirements information security isms |
| url | https://csimq-journals.rtu.lv/article/view/8092 |
| work_keys_str_mv | AT frankmoses informationsecuritymanagementinsmallpublicsectororganizationsrequirementsanddesignofaproceduralapproach AT kurtsandkuhl informationsecuritymanagementinsmallpublicsectororganizationsrequirementsanddesignofaproceduralapproach |