A quantitative methodology for information security control gap analysis

  • Authors: Sulagna Bandopadhyay; Anirban Sengupta; Chandan Mazumdar

  • Affiliations: Jadavpur University, Kolkata, India (all authors)

  • Venue: Proceedings of the 2011 International Conference on Communication, Computing & Security
  • Year: 2011

Abstract

From an information security point of view, an enterprise is considered as a collection of assets and their interrelationships. These assets contain vulnerabilities, which may be exploited by threats to breach information security aspects of enterprises. In order to prevent this, security controls need to be implemented. It is important to analyze the gaps that exist in the implementation of controls in an enterprise. The present study proposes such a control gap analysis methodology.