Establishment of Methods for Information Security System Policy Using Benchmarking


Benchmarking methodology can provide organizations with a way to choose an appropriate information security policy. However, selecting a proper organization as a benchmarking peer is a challenge due to the lack of quantitative methods for benchmarking. This paper proposes methods to select a peer organization by quantitatively measuring the similarity of organizations' InfoSec management systems.

Publication Title

Proceedings - 29th IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2018