Abstract Decision-making in the context of organizational information security is highly dependent on various information. For information security managers, not only relevant information has to be clarified but also their interdependencies have to be taken into account. Thus, the purpose of this research is to develop a comprehensive model of relevant management success factors (MSF) for organizational information security. First, a literature survey with an open-axial-selective analysis of 136 articles was performed to identify factors influencing information security. These factors were categorized into 12 areas: physical security, vulnerability, infrastructure, awareness, access control, risk, resources, organizational factors, CIA, continuity, security management, compliance & policy. Second, an interview series with 19 experts from the industry was used to evaluate the relevance of these factors in practice and explore interdependencies between them. Third, a comprehensive model was developed. The model shows that there are key-security-indicators, which directly impact the security-status of an organization while other indicators are only indirectly connected. Based on these results, information security managers should be aware of direct and indirect MSFs to make appropriate decisions.

中文翻译：

---

决策者信息安全因素综合模型

摘要 组织信息安全背景下的决策高度依赖于各种信息。对于信息安全管理者来说，不仅要明确相关信息，还要考虑它们的相互依存关系。因此，本研究的目的是为组织信息安全开发相关管理成功因素 (MSF) 的综合模型。首先，对 136 篇文章进行了开放轴向选择性分析的文献调查，以确定影响信息安全的因素。这些因素分为 12 个领域：物理安全、漏洞、基础设施、意识、访问控制、风险、资源、组织因素、中央情报局、连续性、安全管理、合规性和政策。第二，与来自该行业的 19 位专家进行的一系列访谈被用来评估这些因素在实践中的相关性并探讨它们之间的相互依存关系。三是形成了综合模式。该模型表明，存在关键安全指标，直接影响组织的安全状态，而其他指标只是间接关联。基于这些结果，信息安全经理应该了解直接和间接 MSF，以做出适当的决策。