Marquez-Tejon Jose, Jimenez-Partearroyo Montserrat, Benito-Osorio Diana
Universidad Rey Juan Carlos, Paseo de los Artilleros, s/n, 28032 Madrid, Spain.
Secur J. 2023 Jun 2:1-24. doi: 10.1057/s41284-023-00381-6.
The purpose of this article is to contribute scientifically to the thematic areas of organisational resilience and security risk management by providing a model of a flexible security management system that can be integrated with other management systems and be applied to the operational dimension of organisational resilience. To this end, the literature on security risk and operational resilience has been reviewed, as well as on security governance models based on enterprise security risk management and other international standards that allow integration with business processes. During the study, an incipient production of specific models that determine the maturity of different management systems was observed in the academic sphere, with a gap being detected in terms of security management system maturity models linked to organisational governance and enterprise risk management, which would facilitate their inclusion in the organisation's integrated management system in a practical way. It is concluded that the proposed model provides scientific support to practitioners, and, to a greater extent, to companies and other organisations irrespective of their size, sector of activity or location.