Document Type
Journal Article
Publication Date
2006
Abstract
ISO/IEC 17799:2005 is one of the leading standards of information security. It is the code of practice including 133 controls in 11 different domains. There are a number of tools and software that are used by organizations to check whether they comply with this standard. The task of checking compliance helps organizations to determine their conformity to the controls listed in the standard and deliver useful outputs to the certification process. In this paper, a quantitative survey method is proposed for evaluating ISO 17799 compliance. Our case study has shown that the survey method gives accurate compliance results in a short time with minimized cost.
College/Unit
College of Arts, Sciences and Technology
Publication or Event Title
Computers & Security
Volume
25
Issue
6
First Page
413
Last Page
419
DOI
10.1016/j.cose.2006.05.001
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Recommended Citation
Karabacak, B., & Sogukpinar, I. (2006). A quantitative method for ISO 17799 gap analysis. Computers & Security, 25 (6), 413-419. https://doi.org/10.1016/j.cose.2006.05.001