Validation of the use of KPIs to measure information security management system performance in manufacturing companies
By: Andrzej Pacana
and Karolina Czerwińska
and Karolina Czerwińska References
- AlRababah, AA., AlShahrani, A., Al-Kasasbeh, B. 2016. Efficiency Model of Information Systems as an Implementation of Key Performance Indicators. International Journal of Computer Science and Network Security, 16, 12, 139-143.
- Alsafwani, N., Fazea, Y., Alnajjar, F. 2024. Strategic Approaches in Network Communication and Information Security Risk Assessment. Information. 15, 6. DOI: 10.3390/info15060353.
- Andersson, A., Hedstrom, K., Karlsson, F. 2022. Standardizing information security - a structurational analysis. Information & Management, 59, 3. DOI: 10.1016/j.im.2022.103623.
- Bernik, I., Prislan, K. 2016. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation. PLOS ONE, 11, 9. DOI: 10.1371/journal.pone.0163050.
- Blaskova, M., Blasko, R., Rosak-Szyrocka, J., Ulewicz, R. 2017. flexibility and variability of motivating employees and managers in Slovakia and Poland. Polish Journal of Management Studies, 15, 1, 26-36. DOI: 10.17512/pjms.2017.15.1.03.
- Bolek, V., Romanova, A., Korcek, F. 2023. The Information Security Management Systems in E-Business. Journal of Global Information Management, 31, 1, 27-29. DOI: 10.4018/JGIM.316833.
- Brown, D., Batra, G., Zafar, H., Saeed, K. 2004. Reducing fraud in organizations through information security policy compliance: An information security controls perspective. Computers & Security, 144. DOI: 0.1016/j.cose.2024.103958.
- Braglia, M., Gabbrielli, R., Marrazzini, L., Padellini, L. 2022. Key Performance Indicators and Industry 4.0-A structured approach for monitoring the implementation of digital technologies. 3RD International Conference on Industry 4.0 and Smart Manufacturing, 200, 1626-1635. DOI: 10.1016/j.procs.2022.01.363.
- Czerwińska, K., Pacana, A. 2024. Method of Analyzing Technological Data in Metric Space in the Context of Industry 4.0. Processes, 12, 2. DOI: 10.3390/pr12020401.
- Czerwińska, K., Pacana, A. 2022. Analysis of the maturity of process monitoring in manufacturing companies. Production Engineering Archives, 28, 3, 246-251. DOI: 10.30657/pea.2022.28.30.
- Czerwińska, K., Pacana, A. 2019. Analysis of the implementation of the identification system for directly marked parts - DataMatrix code. Production Engineering Archives, 23, 23, 22-26. DOI: 10.30657/pea.2019.23.04.
- Deruma. S. 2025. Cyber Resilience Key Metrics In Small And Medium-Sized Enterprises. Economics Ecology Socium, 9, 1, 15-23. DOI: 10.61954/2616-7107/2025.9.1-2.
- Fiore, APA., Facin, ALF., Minuz, J JR. 2023. Information security and quality management systems integration: challenges and critical factors. International Journal for Quality Research, 17, 3, 635-650. DOI: 10.24874/IJQR17.03-01.
- Fujs, D., Vrhovec, S., Vavpotic, D. 2023. Balancing software and training requirements for information security. COMPUTERS & SECURITY, 134. DOI: 10.1016/j.cose.2023.103467.
- Gajdzik, b., Wolniak, R. 2021. Digitalisation and Innovation in the Steel Industry in Poland-Selected Tools of ICT in an Analysis of Statistical Data and a Case Study. Energies, 14, 11. DOI: 10.3390/en14113034.
- Gwebu, KL., Wang, J. The defining features of a robust information security climate. Computers & Security, 142. DOI: 10.1016/j.cose.2024.103891.
- Haryatno, MA., Putra, YH. 2024. Developing security privacy program in information system. Journal of Engineering Science and Technology, 19, 3, 821-833.
- Information technoloy- Security techniques- Information security management- Measurement (1st ed.). ISO; 2016
- Jena, MC., Mishra, SK., Moharana, HS. 2024. Integration of Industry 4.0 with reliability centered maintenance to enhance sustainable manufacturing. Environmental Progress & Sustainable Energy, 43, 2. DOI: 10.1002/ep.14321.
- Kitsios, F., Chatzidimitriou, E., Kamariotou, M. 2023. The ISO/IEC 27001 Information Security Management Standard: How to Extract Value from Data in the IT Sector. Sustainability, 15, 7. DOI: 10.3390/su15075828.
- Kizilelma, TT., Tutuncu, O., Aydin, I. 2023. The relationship between quality and information security management, and safety climate in healthcare. International Journal for Quality Research, 17, 3, 815-832. DOI: 10.24874/IJQR17.03-12.
- Klimecka-Tatar, D., Angaldi, M. 2022. Digitization of processes in manufacturing SMEs - value stream mapping and OEE analysis. 3RD International Conference on Industry 4.0 and Smart Manufacturing, 200, 660-668. DOI: 10.1016/j.procs.2022.01.264.
- Klimecka-Tatar, D. 2016 . Przepływ informacji technicznych w procesie produkcji uzupełnień protetycznych, Transakcje techniczne, Mechanika, 3, 87-92.
- Kong, HK., Kim, TS., Kim, J. 2012. An analysis on effects of information security investments: a BSC perspective. Journal of Intelligent Manufacturing, 23, 4, 914-953. DOI: 10.1007/s10845-010-0402-7.
- Krawiec, J. 2013. Systemy SZBI – Pomiary bezpieczenstwa onformacji. IT-professional, 6, s. 57.
- Krynke, M., Ivanova, T.N., Revenko, N.F., 2022. Factors, increasing the efficiency of work of maintenance, repair and operation units of industrial enterprises. Management Systems in Production Engineering, 30(1), 91-97. DOI: 10.2478/mspe-2022-0012
- Krzemień, E., Wolniak, R. 2002. Systemy zarządzania informacją i ich wpływ na zarządzanie jakością, Zeszyty Naukowe. Organizacja i Zarządzanie / Politechnika Śląska, Wydawnictwo Politechniki Śląskiej, 12, 315-323.
- Lashno, V., adilzhanova, S., Ydyryshbayeva, NN., turgynbayeva, A., Kyryvoruchko, O., Chubaievskyi, V., Desiatko, A. 2023. Adaptive Monitoring of Companies’ Information Security. International Journal of Electronics and Telecommunications, 69, 1, 75-82. DOI: 10.24425/ijet.2023.144334.
- Lopes, MJ., Rocha, EM. 2022. Impact Analysis of KPI Scenarios, Automated Best Practices Identification, and Deviations on Manufacturing Processes. 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA). DOI: 10.1109/ETFA52439.2022.9921462.
- Lyon, G. 2024. Informational inequality: the role of resources and attributes in information security awareness. Information and Computer Security, 32, 2, 197-217. DOI: 10.1108/ICS-04-2023-0063.
- Marhad, SS., Abd Goni, SZ., Sani, MKJA, 2024. Implementation of Information Security Management Systems for Data Protection in Organizations: A systematic literature review. ENVIRONMENT-BEHAVIOUR PROCEEDINGS JOURNAL, 9, 197-203. DOI: 10.21834/ebpj.v9iSI18.5483.
- Mazur, K., Ksiezopolski, B., Kotulski, Z. 2015. The Robust Measurement Method for Security Metrics Generation. Computer Journal. 58, 10, 2280-2296. DOI: 10.1093/comjnl/bxu100.
- Nasir, A., Arshah, RA., Ab Hamid, MR., Fahmy, S. 2022. Information Security Culture Concept towards Information Security Compliance: A Comparison between IT and Non-IT Professionals. International Journal Of Integrated Engineering. 14, 3, 157-165. DOI: 10.30880/ijie.2022.14.03.017.
- Polska Norma PN-ISO/IEC 2382-1:1996: Technika informatyczna Terminologia Terminy podstawowe. Warszawa, PKN 1996.
- Pacana, A., Czerwińska, K., Bednarova, L., Petrovsky, R. 2024. Indicator method as a way of analyzing the level of implementation of the objectives of sustainable development. Sustainability, 16, 1. DOI: 10.3390/su16010195.
- Pacana, A., Czerwińska, K., Grebski, M. E., 2021. Analysis of the possibility of using key performance indicators in the systems of logistics and production enterprises. Modern Management Review, 26, 1, 37-47.
- Pacana, A., Czerwińska, K. 2023. A quality control improvement model that takes into account the sustainability concept and KPIs. Sustainability, 15, 2. DOI: 10.3390/su15129627.
- Podrecca, M., Culot, G., Nassimbeni, G., Sartor, M. 2022. Information security and value creation: The performance implications of ISO/IEC 27001. Computers in Industry, 142. DOI: 10.1016/j.compind.2022.103744.
- Sengupta, A. 2022. A Stakeholder-Centric Approach for Defining Metrics for Information Security Management Systems. Risks And Security Of Internet And Systems (CRISIS 2021). 13204, 57-73. DOI: 10.1007/978-3-031-02067-4_4.
- Schroder, J., Breier, J., 2024. RMF: A Risk Measurement Framework for Machine Learning Models. 19th International Conference on Availability, Reliability, and Security, Ares 2024, 66. DOI: 10.1145/3664476.3670867.
- Sienkiewicz, P., 2005. 10 wykładów. Warszawa: Akademia Obrony Narodowej, s. 62.
- Souifi, A., Boulanger, ZC., Zolghadri, M., Barkallah, M., Haddar, M. 2022. Uncertainty of key performance indicators for Industry 4.0: A methodology based on the theory of belief functions. Computers in Industry, 140. DOI: 10.1016/j.compind.2022.103666.
- Totty, S., Li. H., Zhang, C., Janz. 2024. Information Security Research in the Information Systems Discipline: A Thematic Review and Future Research Directions. Data Base for Advances in Information Systems, 55, 3,135-169. DOI: 10.1145/3685235.3685242.
- Wolniak, R., Burtan, D., 2009. Wykorzystanie metody FMEA do analizy bezpieczeństwa informacji. Zarządzanie Przedsiębiorstwem, Polskie Towarzystwo Zarządzania Produkcją, 12, 1 s. 70-84.
- Zammani, M., Razali, R., Singh, D. 2021. Organisational information security management maturity model, International Journal of Advanced Computer Science and Applications, 12, 9, 668-678.
Language: English
Page range: 266 - 275
Submitted on: Feb 8, 2025
Accepted on: May 7, 2025
Published on: May 27, 2025
Published by: Quality and Production Managers Association
In partnership with: Paradigm Publishing Services
Publication frequency: 4 issues per year
Keywords:
Related subjects:
© 2025 Andrzej Pacana, Karolina Czerwińska, published by Quality and Production Managers Association
This work is licensed under the Creative Commons Attribution 4.0 License.