An evaluation methodology of enterprise security management systems

Sangkyun Kim, Choom Seong Leem, Hong Joo Lee

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)


Traditional methodologies related with an analysis, assessment or evaluation of enterprise security management systems are risk analysis methods. These consist of sophisticated processes of an asset identification and valuation, vulnerability analysis, threat analysis, and risk calculation which require very long time and heavy resources. The risk analysis approaches lack in showing an analysis result with strategic management viewpoints because these only focus on an analysis of each asset with perspectives of there value and possible loss. This paper provides an integrated approach of the evaluation methodology of enterprise security management systems. It consists of an evaluation process model and evaluation criteria. A case study proves the real value of this methodology. With a process model and evaluation criteria provided in this paper, a security officer could deliver the enterprise-wide security planning status to executive managers without burden of time and resources.

Original languageEnglish
Pages (from-to)303-312
Number of pages10
JournalInternational Journal of Operations and Quantitative Management
Issue number4
Publication statusPublished - 2005

All Science Journal Classification (ASJC) codes

  • Business and International Management
  • Strategy and Management
  • Management Science and Operations Research
  • Information Systems and Management
  • Management of Technology and Innovation


Dive into the research topics of 'An evaluation methodology of enterprise security management systems'. Together they form a unique fingerprint.

Cite this