Hierarchical Multilevel Information security gap analysis models based on ISO 27001: 2013

A. A. Nasser Al-Shameri1

  1. Dept. of Information System, College of Science, Sa`adah University, Sa`adah, Yemen.

Correspondence should be addressed to: adelru2009@mail.ru.


Section: Research Paper, Product Type: Isroset-Journal
Vol. 3, Issue 11, pp. 14-23, Dec 2017


CrossRef-DOI: https://doi.org/10.26438/ijsrms/v3i11.1423


Online published on Dec 31, 2017


Copyright © A. A. Nasser Al-Shameri . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

How to Cite this Paper

IEEE Style Citation: A. A. Nasser Al-Shameri, “Hierarchical Multilevel Information security gap analysis models based on ISO 27001: 2013,” International Journal of Scientific Research in Multidisciplinary Studies, Vol. 3, Issue 11, pp. 14-23, 2017.

MLA Style Citation: A. A. Nasser Al-Shameri. "Hierarchical Multilevel Information security gap analysis models based on ISO 27001: 2013." International Journal of Scientific Research in Multidisciplinary Studies 3.11 (2017): 14-23.

APA Style Citation: A. A. Nasser Al-Shameri (2017). Hierarchical Multilevel Information security gap analysis models based on ISO 27001: 2013. International Journal of Scientific Research in Multidisciplinary Studies, 3(11), 14-23.

BibTex Style Citation:
@article{Al-Shameri_2017,
author = {A. A. Nasser Al-Shameri},
title = {Hierarchical Multilevel Information security gap analysis models based on ISO 27001: 2013},
journal = {International Journal of Scientific Research in Multidisciplinary Studies},
issue_date = {12 2017},
volume = {3},
Issue = {11},
month = {12},
year = {2017},
issn = {2347-2693},
pages = {14-23},
url = {https://www.isroset.org/journal/IJSRMS/full_paper_view.php?paper_id=496},
doi = {https://doi.org/10.26438/ijcse/v3i11.1423},
publisher = {IJCSE, Indore, INDIA},
}

RIS Style Citation:
TY - JOUR
DO  - https://doi.org/10.26438/ijcse/v3i11.1423
UR - https://www.isroset.org/journal/IJSRMS/full_paper_view.php?paper_id=496
TI - Hierarchical Multilevel Information security gap analysis models based on ISO 27001: 2013
T2 - International Journal of Scientific Research in Multidisciplinary Studies
AU - A. A. Nasser Al-Shameri
PY - 2017
DA - 2017/12/31
PB - IJCSE, Indore, INDIA
SP - 14-23
IS - 11
VL - 3
SN - 2347-2693
ER -


Abstract:
This research was conducted to introduce hierarchical multilevel models based on the categorization of security controls in the ISO 27001:2013 standard, and to determine the level of information security in the Yemeni Academy for Graduate Studies (YAGS) in terms of its compliance with the implementation of this standard. The results showed that the maturity level of information security in YAGS is at level 2 for all MTO and Responsibility categories across all security aspects. The gap between the current maturity level value and the expected maturity level value is 2.88 for the MTO domains and 2.84 for the Responsibility groups. This means that many control weaknesses exist: the related security policies and procedures should be developed, and a security management system and security culture should be implemented. The detailed benchmarking results based on the ISO 27001 standard, the method used to measure the maturity level for each security control domain, and the improvement recommendations are presented.

Key-Words / Index Terms:
Gap analysis; MTO; Multilevel model; Compliance; ISO 27001; Maturity level

