1. Anil K. Kaushik
2. Anirban Sengupta
3. Chandan Mazumdar
4. P. Banerjee
Abstract
An enterprise is viewed as a collection of assets and their
interrelationships. These assets contain vulnerabilities,
which may be exploited by threats to breach information
security aspects of enterprises. In order to prevent this,
security controls need to be implemented. ISO/IEC
27002:2005 is a widely accepted security standard that
contains details of enterprise security controls. These
controls are inter-dependent. The present study proposes a
model of control-dependence for ISO/IEC 27002.
Keywords: Enterprise Information Security, Security controls, Control dependence, Risk Management, ISO/IEC 27002