A Maturity Model for IT-Related Security Incident Management

Cited by: 4
Authors
Wahlgren, Gunnar [1 ]
Kowalski, Stewart [2 ]
Affiliations
[1] Stockholm Univ, Dept Comp & Syst Sci, Stockholm, Sweden
[2] Norwegian Univ Sci & Technol, Gjovik Univ Coll, Fac Comp Sci & Media Technol, Gjovik, Norway
Source
BUSINESS INFORMATION SYSTEMS, PT I | 2019 / Vol. 353
Keywords
Incident escalation; Incident management; Maturity models; Self-assessment;
DOI
10.1007/978-3-030-20485-3_16
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The purpose of this study is to validate the ability of a maturity model to measure an organization's capability to escalate IT-related security incidents. First, an Escalation Maturity Model (EMM) and a tool were developed to measure how mature an organization is at escalating IT-related security incidents. This IT self-assessment tool was used by a representative from each of three organizations in the Swedish health sector to measure their organization's ability to escalate IT-related security incidents. Second, typical security incident scenarios were created, and the incident managers of the different organizations were interviewed about their organization's capability to deal with these scenarios. Third, a number of independent information security experts, none of whom had seen the EMM results, ranked on a measurable scale how the three organizations had handled the different scenarios. Finally, the EMM results were compared against the measurable results of the interviews to establish the predictive ability of EMM. The findings of this proof-of-concept study show that the EMM outcome and the way in which an organization would handle different incidents correspond well, at least for organizations with low and medium maturity levels.
Pages: 203 / 217
Page count: 15