As hacking and ransomware attacks continue to increase, information security is vitally important. Lean and Six Sigma methods can help improve how information security is managed. We’ll look at three articles that focus on the use of Lean and Six Sigma in information security and finish with a video that discusses information security vs. cyber security.


Application of Six Sigma Tools for Information Security Management System Improvement


In a paper titled “Application of Six Sigma Tools for Improvement of Information Security Management System,” Marieta Olaru and co-authors discuss the application of Six Sigma tools to problems encountered while implementing an Information Security Management System (ISMS).

The authors employed three research methods:

  • Focused theoretical framework review
  • DMAIC (Define, Measure, Analyze, Improve, Control) and PDCA (Plan-Do-Check-Act) analysis to identify integration possibilities
  • External audits of the ISMS to identify weaknesses

The authors then propose improvements, based on Six Sigma concepts, to mitigate the weaknesses the audits identified.

The paper includes examples of

  • Six Sigma tools that can be used to improve the Information Security Management System
  • An interpretation of SIPOC (Suppliers, Inputs, Process, Outputs, Customers) for starting an ISMS implementation

You can read the paper here.


A Lean Approach to Information Security


In a paper titled “A Lean Approach to Information Security,” author Frederick Scholl looks at how and where to apply Lean concepts to information security.

The author lists the Lean concepts that can be applied to information security:

  • Voice of the Customer
  • Continuous Improvement
  • Proactive Behavior
  • Systems Thinking
  • Constancy of Purpose
  • Respect for People
  • Quality at the Source
  • Flow, Pull, and Just In Time
  • Culture

He also summarizes the characteristics of a security program with and without Lean.

You can read the paper here.


Applying Lean Methodologies to Improve Information Security Processes


In a master’s thesis titled “Application of Lean methodologies in Information Security processes improvement,” author Francisco Ribeiro Pereira da Silva discusses applying Lean methods to improve the information security processes delivered by an information security consulting company.

The author structured two research questions:

  • How are Information Security consultancy processes currently handled in small and medium sized businesses (SMBs)?
  • How can Lean thinking and its related concepts and methodologies help SMBs improve their Information Security consultancy processes?

A case study of one information security consultancy is discussed, and the improvement opportunities identified together with the consulting company are listed.

The problem addressed is improving the organization’s ISO 27001 consultancy service process.

NOTE: ISO/IEC 27001 is the international standard that specifies requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).

You can read the thesis here.


Information vs Cyber Security


In a video from MarkNCA, Mark Nunnikhoven, a forensic scientist, speaker, and technology analyst, discusses information security vs cyber security.


You can watch the video here.


Want to progress further with your Six Sigma career? Join ISSSP today and access the hundreds of interviews, webinars, whitepapers, case studies, and other resources available in our online library.

Learn More Here