A multifaceted evaluation of the reference model of information assurance & security

The evaluation of a conceptual model, which is an outcome of a qualitative research, is an arduous task due to the lack of a rigorous basis for evaluation. Overcoming this challenge, the paper at hand presents a detailed example of a multifaceted evaluation of a Reference Model of Information Assurance & Security (RMIAS), which summarises the knowledge acquired by the Information Assurance & Security community to date in one all-encompassing model. A combination of analytical and empirical evaluation methods is exploited to evaluate the RMIAS in a sustained way overcoming the limitations of separate methods. The RMIAS is analytically evaluated regarding the quality criteria of conceptual models and compared with existing models. Twenty-six semistructured interviews with IAS experts are conducted to test the merit of the RMIAS. Three workshops and a case study are carried out to verify the practical value of the model. The paper discusses the evaluation methodology and evaluation results.