Journal of Computer Science

An Algorithm To Determine The Maturity Improvement Plan For Information System Risk Management. Application On A Case Study

Soumaya Amraoui, Mina Elmaallam and Hicham Bensaid

DOI: 10.3844/jcssp.2019.1050.1064

Volume 15, Issue 8

Pages 1050-1064

Abstract

A good and relevant risk management process is a key issue for effective Information System (IS) governance. Several paradigms have therefore been devised to help achieve this goal, and among them maturity models are quite popular. The main aim of a maturity model is to help users improve the capability of their activities. However, one of the major challenges encountered when using these models is defining the improvement plan after the evaluation. This challenge is all the greater and more costly for an activity whose elements or phases are strongly interdependent, such as IS risk management. In this article, we propose an algorithm called “Path Prerequisites” to help users define a graduated improvement plan, easily and efficiently, from a given maturity level to a target one, while handling the dependency constraints among criteria. The algorithm is based on an acyclic graph representation of the control objectives and the dependencies among them, and it corresponds to a guided (backwards) traversal of the graph. We assess the algorithm by applying it to a case study.

Copyright

© 2019 Soumaya Amraoui, Mina Elmaallam and Hicham Bensaid. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.