Abstract:
When modern organizations are considered, information is one of the most critical
assets that need to be protected against external and internal threats. Since there is a
massive increase in threats related to information technology applications,
information security has become a significant factor. Moreover, information security
ensures business continuity and reduces the risk of damage to an organization's
reputation. Therefore, internal information security management is a critical factor.
There are several factors which affect implementation of information security
management. This research is focused on finding out a methodology for information
security management in software development companies. To achieve this objective,
the impact of the information security governance, senior management support and
organizational culture factors on information security management in software
development companies is comprehensively studied. Furthermore, existing management
models such as the plan, do, check and act (PDCA) model, maturity models, etc., were
analyzed to understand their applicability to information security management. An online
questionnaire was developed based on three major factors identified during the
literature review and shared with associate technical leads, technical leads,
software architects, project managers, delivery managers, information technology
managers and heads of IT in the software industry to represent the information
security decision makers in an organization. Collected data was analyzed
quantitatively using a statistical tool.
The research results have shown a strong positive relationship of both information
security governance and senior management support with information security
management, whereas organizational culture has a very weak relationship with
information security management. According to the research results, PDCA can be
recommended to manage information security in software development
organizations.
Citation:
Jayasekara, E.K.U. (2019). Methodology for practice of information security in software development companies [Master’s thesis, University of Moratuwa]. Institutional Repository University of Moratuwa. http://dl.lib.uom.lk/handle/123/16363