Case study: testing Wahlgren’s escalation maturity model within public sector organisations in Sweden: Studying model support for operators of essential services in meeting NIS directive requirements for incident escalation
2021 (English). Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]
Critical infrastructures are vital services, and attacks on such systems affect people's social and economic well-being. Therefore, operators of such services must have appropriate measures in place to handle IT-related incidents. However, reports show that organisations classified as Operators of Essential Services (OES) do not have appropriate measures to handle IT-related incidents.
A case study approach is used in this study to test the usability and the applicability of Wahlgren's Escalation Maturity Model level within various public sector organisations in Sweden regarding their escalation and communication of IT-related incidents. A follow-up semi-structured interview is also conducted with employees at the technical level to determine if the current organisation's maturity level shortcomings are known across different organisational levels.
The tool's maturity level scaling attributes are difficult to understand because all organisations in this study achieve the same level of maturity, even though there is a wide range of performance regarding the number of questions answered in the affirmative. The data output generated from the testing of the model can assist organisations in improving their incident escalation activities. However, the lack of precision of the model makes it challenging to apply in the public sector. The results reveal that all five organisations obtained an escalation maturity level of zero (0), non-existent, regarding escalation of IT-related incidents. As a result, with the current model, the participating organisations will have a difficult task complying with the NIS Directive's security and notification requirements.
Place, publisher, year, edition, pages
2021. p. 35
Keywords [en]
IT security, maturity model, IT-related incidents, NIS directive, operation of essential services, escalation maturity
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:his:diva-20202
OAI: oai:DiVA.org:his-20202
DiVA, id: diva2:1578614
Subject / course
Information technology
Educational program
Privacy, Information and Cyber Security - Master's Programme 120 ECTS
2021-07-06; 2021-07-06; 2021-07-06; Bibliographically approved