Measuring security impact on the quality of enterprise IS

Title: "Measuring the security impact on the quality of enterprise information system"

Abstract

Information system quality (ISQ) is a topic receiving considerable attention. Major ISQ metrics focus on the deployed software and networks quality. The IS security was discussed as a primary parameter for the ISQ. However, there are no quantified studies indicating how and how much the IS security affects the ISQ. IS managers need to be, first, in confidence with the security system currently running, and second,  aware of the risk generated by the running system varying limitation. They need relevant metrics to identify dependencies and make appropriate operational and strategic decisions. This presentation proposes six security impact metrics on the ISQ integrating human, organizational and managerial parameters. It defines each metric components, its measurement unit and formula. Then, an apriori model for the metric initialisation is described, and a posteriori model for the metric evolution. Finally, perspectives related to the management issues of the proposed metrics are discussed. 

The speaker

Moufida Sadok is an assistant professor of Management Information Systems at Institute of Technology in Communications at Tunis where she is also director of IT management department. She received the PhD degree on the enhancement of competitive intelligence to cope with digital risks at the University of Grenoble (France, 2004). She is interested in the strategic and organizational research on the management of the digital risk. Particularly, her research interests include information security management, risk analysis, and security policy implementation process.