Research Article Open Access

An Algorithm To Determine The Maturity Improvement Plan For Information System Risk Management. Application On A Case Study

Soumaya Amraoui1, Mina Elmaallam2 and Hicham Bensaid3
  • 1 Mohammed V University, Morocco
  • 2 School of Information Sciences, Morocco
  • 3 Enterprise and Distributed Systems (SEEDS), Morocco

Abstract

A sound and relevant Risk Management process is a key issue for effective Information System governance. Several paradigms have therefore been devised to help achieve this goal. Among these paradigms, maturity models are quite popular. The main aim of a maturity model is to help users improve the capability of their activities. However, one of the major challenges encountered when using these models is defining the improvement plan after the evaluation. This challenge is all the greater and more costly for an activity whose elements or phases are strongly interdependent, such as IS risk management. In this article, we propose an algorithm called “Path Prerequisites” to help users define a graduated improvement plan, easily and efficiently, from a given maturity level to a target one, while handling the dependency constraints among criteria. The algorithm is based on an acyclic graph representation of the control objectives and the dependencies among them, and it corresponds to a guided (backwards) traversal of the graph. We assess the algorithm by applying it to a case study.
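The general idea the abstract describes (walk backwards from the target control objectives over an acyclic dependency graph, then order what is still missing) can be sketched as follows. This is an added illustration, not the authors' "Path Prerequisites" algorithm; the objective names, the dependency edges and the `improvement_plan` function are constructed assumptions.

```python
from graphlib import TopologicalSorter, CycleError  # Python 3.9+

# Constructed sample: control objectives mapped to the objectives they
# depend on. Names and edges are illustrative, not taken from the paper.
PREREQS = {
    "RM-policy": [],
    "asset-inventory": [],
    "risk-identification": ["RM-policy", "asset-inventory"],
    "risk-analysis": ["risk-identification"],
    "risk-treatment": ["risk-analysis"],
    "risk-monitoring": ["risk-treatment", "RM-policy"],
    "risk-communication": ["RM-policy"],
}

def improvement_plan(prereqs, achieved, targets):
    """Return the plan as stages; objectives in one stage are independent."""
    achieved = set(achieved)
    needed = {}  # unmet objective -> its unmet prerequisites
    stack = [t for t in targets if t not in achieved]
    while stack:  # backward traversal from the targets
        obj = stack.pop()
        if obj in needed:
            continue
        if obj not in prereqs:
            raise KeyError(f"unknown control objective: {obj}")
        unmet = [p for p in prereqs[obj] if p not in achieved]
        needed[obj] = unmet
        stack.extend(unmet)
    sorter = TopologicalSorter(needed)
    try:
        sorter.prepare()  # rejects a graph that is not acyclic
    except CycleError as exc:
        raise ValueError(f"dependency cycle: {exc.args[1]}") from exc
    stages = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())  # all prerequisites satisfied
        stages.append(ready)
        sorter.done(*ready)
    return stages

if __name__ == "__main__":
    plan = improvement_plan(PREREQS, {"asset-inventory"},
                            ["risk-monitoring", "risk-communication"])
    for number, stage in enumerate(plan, start=1):
        print(number, ", ".join(stage))
```

Objectives already achieved are pruned during the backward walk, so the plan contains only the remaining work, and objectives unrelated to the targets never enter it.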

Journal of Computer Science
Volume 15 No. 8, 2019, 1050-1064

DOI: https://doi.org/10.3844/jcssp.2019.1050.1064

Submitted On: 27 March 2019 Published On: 1 August 2019

How to Cite: Amraoui, S., Elmaallam, M. & Bensaid, H. (2019). An Algorithm To Determine The Maturity Improvement Plan For Information System Risk Management. Application On A Case Study. Journal of Computer Science, 15(8), 1050-1064. https://doi.org/10.3844/jcssp.2019.1050.1064

Keywords

  • Information System
  • Maturity
  • Maturity Model
  • Focus Area Model
  • Risk Management