Towards value-based information security management monitoring

The main objective of Information Security Management (ISM) is to align IT security with business security in all service and service management activities within an integrated strategy with corporate IT governance. To obtain a full IT-business alignment is still a challenge to managers. In continual service improvement (CSI) related activities, such as ISM, this problem is even more apparent. The actual impact upon business, due to lower quality results in ISM, is not apparent to top level executives. This article discusses an integration of ISM with a CSI approach and illustrates its benefits and gains. We proposed a value-based framework to evaluate the ISM process in a quantitative manner, whereby estimating the ISM value and quality indicators which can be used to input ISM and IT services performance in strategic planning tools. We discuss and illustrate the cause effect relation and innovations of this idea to common ISM practices.