{"id":"https://openalex.org/W2084962243","doi":"https://doi.org/10.1145/1947940.1948051","title":"A quantitative methodology for information security control gap analysis","display_name":"A quantitative methodology for information security control gap analysis","publication_year":2011,"publication_date":"2011-01-01","ids":{"openalex":"https://openalex.org/W2084962243","doi":"https://doi.org/10.1145/1947940.1948051","mag":"2084962243"},"language":"en","primary_location":{"id":"doi:10.1145/1947940.1948051","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1947940.1948051","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2011 International Conference on Communication, Computing &amp; Security - ICCCS '11","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5113644020","display_name":"Sulagna Bandopadhyay","orcid":null},"institutions":[{"id":"https://openalex.org/I170979836","display_name":"Jadavpur University","ror":"https://ror.org/02af4h012","country_code":"IN","type":"education","lineage":["https://openalex.org/I170979836"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Sulagna Bandopadhyay","raw_affiliation_strings":["Jadavpur University, Kolkata, India","Jadavpur University, Kolkata. India#TAB#"],"affiliations":[{"raw_affiliation_string":"Jadavpur University, Kolkata, India","institution_ids":["https://openalex.org/I170979836"]},{"raw_affiliation_string":"Jadavpur University, Kolkata. India#TAB#","institution_ids":["https://openalex.org/I170979836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070024088","display_name":"Anirban Sengupta","orcid":"https://orcid.org/0000-0002-6239-256X"},"institutions":[{"id":"https://openalex.org/I170979836","display_name":"Jadavpur University","ror":"https://ror.org/02af4h012","country_code":"IN","type":"education","lineage":["https://openalex.org/I170979836"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Anirban Sengupta","raw_affiliation_strings":["Jadavpur University, Kolkata, India","Jadavpur University, Kolkata. India#TAB#"],"affiliations":[{"raw_affiliation_string":"Jadavpur University, Kolkata, India","institution_ids":["https://openalex.org/I170979836"]},{"raw_affiliation_string":"Jadavpur University, Kolkata. India#TAB#","institution_ids":["https://openalex.org/I170979836"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5062156678","display_name":"Chandan Mazumdar","orcid":"https://orcid.org/0000-0002-4252-8861"},"institutions":[{"id":"https://openalex.org/I170979836","display_name":"Jadavpur University","ror":"https://ror.org/02af4h012","country_code":"IN","type":"education","lineage":["https://openalex.org/I170979836"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Chandan Mazumdar","raw_affiliation_strings":["Jadavpur University, Kolkata, India","Jadavpur University, Kolkata. India#TAB#"],"affiliations":[{"raw_affiliation_string":"Jadavpur University, Kolkata, India","institution_ids":["https://openalex.org/I170979836"]},{"raw_affiliation_string":"Jadavpur University, Kolkata. India#TAB#","institution_ids":["https://openalex.org/I170979836"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5113644020"],"corresponding_institution_ids":["https://openalex.org/I170979836"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.15854011,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"537","last_page":"537"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.980400025844574,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.980400025844574,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9358999729156494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.6561013460159302},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.6255288124084473},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6016424298286438},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5808849930763245},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.5495740175247192},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.5308008790016174},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.5169565081596375},{"id":"https://openalex.org/keywords/order","display_name":"Order (exchange)","score":0.5159381031990051},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.47725507616996765},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.46981552243232727},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.42584118247032166},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.4164925515651703},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.41451945900917053},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3897719979286194},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.31781506538391113},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.31643569469451904},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.2926715016365051},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.1351671814918518},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.07923635840415955},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.07190009951591492}],"concepts":[{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.6561013460159302},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.6255288124084473},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6016424298286438},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5808849930763245},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.5495740175247192},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.5308008790016174},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.5169565081596375},{"id":"https://openalex.org/C182306322","wikidata":"https://www.wikidata.org/wiki/Q1779371","display_name":"Order (exchange)","level":2,"score":0.5159381031990051},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.47725507616996765},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.46981552243232727},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.42584118247032166},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.4164925515651703},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.41451945900917053},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3897719979286194},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.31781506538391113},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.31643569469451904},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2926715016365051},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.1351671814918518},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.07923635840415955},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.07190009951591492},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1947940.1948051","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1947940.1948051","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2011 International Conference on Communication, Computing &amp; Security - ICCCS '11","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5799999833106995,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W657731981","https://openalex.org/W1543426176","https://openalex.org/W1549342539","https://openalex.org/W2005191069","https://openalex.org/W2051947662","https://openalex.org/W2620524678"],"related_works":["https://openalex.org/W147109933","https://openalex.org/W3159280571","https://openalex.org/W2138802450","https://openalex.org/W4289113990","https://openalex.org/W2185133343","https://openalex.org/W2103623742","https://openalex.org/W805142288","https://openalex.org/W793801093","https://openalex.org/W3016899647","https://openalex.org/W1994937478"],"abstract_inverted_index":{"From":[0],"information":[1,30],"security":[2,31,40],"point":[3],"of":[4,13,33,58],"view,":[5],"an":[6,61],"enterprise":[7],"is":[8,47],"considered":[9],"as":[10],"a":[11,68],"collection":[12],"assets":[14,19],"and":[15],"their":[16],"interrelationships.":[17],"These":[18],"contain":[20],"vulnerabilities,":[21],"which":[22],"may":[23],"be":[24,44],"exploited":[25],"by":[26],"threats":[27],"to":[28,37,43,49],"breach":[29],"aspects":[32],"enterprises.":[34],"In":[35],"order":[36],"prevent":[38],"this,":[39],"controls":[41,59],"need":[42],"implemented.":[45],"It":[46],"important":[48],"analyze":[50],"the":[51,56],"gaps":[52],"that":[53],"exist":[54],"in":[55,60],"implementation":[57],"enterprise.":[62],"The":[63],"present":[64],"study":[65],"proposes":[66],"such":[67],"control":[69],"gap":[70],"analysis":[71],"methodology.":[72]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2015,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}