论文信息 - A quantitative methodology for information security control gap analysis

A quantitative methodology for information security control gap analysis

From information security point of view, an enterprise is considered as a collection of assets and their interrelationships. These assets contain vulnerabilities, which may be exploited by threats to breach information security aspects of enterprises. In order to prevent this, security controls need to be implemented. It is important to analyze the gaps that exist in the implementation of controls in an enterprise. The present study proposes such a control gap analysis methodology.

Anirban Sengupta | Chandan Mazumdar | Sulagna Bandopadhyay

[1] Thomas Peltier,et al. Information Security Risk Analysis: A Pedagogic Model Based on a Teaching Hospital , 2006 .

[2] 日本規格協会. 情報技術-セキュリティ技術-情報セキュリティマネジメントシステム-要求事項 : 国際規格ISO/IEC 27001 = Information technology-Security techniques-Information security management systems-Requirements : ISO/IEC 27001 , 2005 .

[3] Angus Stevenson,et al. Concise Oxford English Dictionary , 2009 .

[4] Marianne M. Swanson,et al. Recommended Security Controls for Federal Information Systems , 2005 .

[5] Ibrahim Sogukpinar,et al. A quantitative method for ISO 17799 gap analysis , 2006, Comput. Secur..

[6] Thomas Peltier. Information Security: Policies and Procedures: A Practitioner's Reference , 1998 .

[7] Marianne Swanson,et al. Recommended Security Controls for Federal Information Systems | NIST , 2005 .