A Coherence Model to Outline Obstacles and Success Factors for Information Security from the CISO's Point of View
Authors: Erfan Koza, Asiye Öztürk
Abstract: Against the backdrop of the progressive digitalization of Critical Infrastructures (CRITIS), especially within the socio-technical fields, this paper identifies obstacles as well as critical, technical, and human success factors that play an essential role in efficient information security management. It also focuses on crystallizing differentiated views regarding the meaningfulness and usefulness of laws. To this end, we conducted a study in Germany with 86 chief information security officers, comprising CRITIS (76% of participants) and non-CRITIS (24% of participants), drawn from data center operators (14), water and wastewater utilities (25), energy supply companies (33), and healthcare stakeholders (14). The study follows a methodologically pluralistic orientation in which, in addition to quantitative methods for empirical data collection, other analytical approaches are used to determine coherence and correlation. As an artifact, the empirically validated factors are compiled across sectors in a coherence model and related in terms of causality.
Keywords: information security obstacles, information security success factors, information security management system, coherence analysis, ISMS, CRITIS, CISO