ISSN 2454-9312 (Online), 2454-6143 (Print)
Hierarchical Multilevel Information security gap analysis models based on ISO 27001: 2013
A. A. Nasser Al-Shameri1
1 Dept. of Information System, College of Science, Sa`adah University, Sa`adah, Yemen.
Correspondence should be addressed to: adelru2009@mail.ru.
Section: Research Paper, Product Type: Isroset-Journal
Vol.3, Issue.11, pp.15-24, Dec-2017


CrossRef-DOI:   https://doi.org/10.26438/ijsrms/v3i11.1524

Online published on Dec 31, 2017
Copyright © A. A. Nasser Al-Shameri . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 
Citation :
IEEE Style Citation: A. A. Nasser Al-Shameri, “Hierarchical Multilevel Information security gap analysis models based on ISO 27001: 2013”, International Journal of Scientific Research in Multidisciplinary Studies , Vol.3, Issue.11, pp.15-24, 2017.

MLA Style Citation: A. A. Nasser Al-Shameri "Hierarchical Multilevel Information security gap analysis models based on ISO 27001: 2013." International Journal of Scientific Research in Multidisciplinary Studies 3.11 (2017): 15-24.

APA Style Citation: A. A. Nasser Al-Shameri, (2017). Hierarchical Multilevel Information security gap analysis models based on ISO 27001: 2013. International Journal of Scientific Research in Multidisciplinary Studies , 3(11), 15-24.
           
Abstract :
This research introduces hierarchical multilevel models based on the categorization of security controls in the ISO 27001:2013 standard, and assesses the level of information security at the Yemeni Academy for Graduate Studies (YAGS) with respect to compliance with this standard. The results show that the maturity level of information security at YAGS is at level 2 for all MTO and responsibility categories in all security aspects. The gap between the current maturity level and the expected maturity level is 2.88 for MTO domains and 2.84 for responsibility groups. This means that many control weaknesses exist, that related security policies and procedures should be developed, and that a security management system and culture should be implemented. The detailed results of benchmarking against the ISO 27001 standard, the method used to measure the maturity level for each security control domain, and the improvement recommendations are presented.
Key-Words / Index Term :
Gap analysis; MTO; Multilevel model; Compliance; ISO 27001; Maturity level
 
 