Abstract: In the realm of security measurements, extensive efforts have been made to evaluate and compare security levels at the country level, resulting in various indices. However, there has been a dearth of evaluations focusing on the information security posture of individual organizations and simultaneously on state-level status evaluation. Such evaluations hold significant potential for providing valuable feedback on the security status of organizations and facilitating assessments and supportive data-driven focused interventions at a national level. This study leverages the Framework for Security Level Evaluation (F4SLE) and the developed tool, Measurement Application for Self-assessing Security (MASS), to collect data for the evaluation. The paper presents diverse options for interpreting the collected data and establishes the foundation for an ongoing cross-country study. The results encompass the analysis of organization-level data and offer insights into overall approaches to security across organizations. This study is a preliminary step toward a more comprehensive information security examination.
Authors: Mari Seeba, Tarmo Oja, Maria Pibilota Murumaa, and Václav Stupka
Published: Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES ’23). Association for Computing Machinery, New York, NY, USA, Article 132, 1–8.