Evaluation of information security approaches: A defense industry organization case

Information security systems are important to ensure business continuity and protect organizations against potential risks. In this context organizations have to analyze their information system processes and they should develop their information systems according to results of the analysis. This paper aims to evaluate the current information security approaches in a defense industry organization in Turkey. The case of the assessment demonstrates information security standards and approaches and reflects the importance of information security implementation within the organizations. In order to achieve research objectives and aims, Information Security Assessment Tool for State Agencies (an information security assessment tool) was chosen as the research instrument for this study. The results obtained from the assessment tool revealed that major applications were implemented by the defense industry organization. According to the assessments, the study recommends that education and training programs and policies should be developed, and that interoperability of information security functions should be provided in the defense industry.