Modeling of information security management parameters in Indian organizations using ISM and MICMAC approach

The purpose of this paper is to identify various information security management parameters and develop a conceptual framework for it.

Interpretive Structural Modeling (ISM) and MICMAC approaches have been used to identify and classify the key factors of information security management based on the direct and indirect relationship of these factors.

The research presents a classification of key parameters according to their driving power and dependence which enable information security management in an organization. It also suggests parameters on which management should pay more attention.

In the paper, 12 parameters were identified based on a literature study and expert help. It is possible to identify some more parameters for ISM development. The help of experts was also used to identify the contextual relationship among the variables for the ISM model. This may introduce some element of bias. Although a relationship model using ISM has been developed, it has not been validated statistically. For future research, it is suggested that the structural equation modelling (SEM) technique may be used to corroborate the findings of ISM. Some of the variables have been grouped together, being a part of a subset due to their similar nature; but it is possible to treat them as independent variables. Future researches may establish their interrelationships also.

The paper has tremendous practical utility for organizations which want to reap the benefits of information and communication technology for their growth but are struggling to find a right approach to deal with information security breach incidents.

Development of a framework for information security management in an organization is the major contribution of this paper. This would be of help to strategic managers in managing information security with emphasis on key parameters identified here.