Three Models to Measure Information Security Compliance

Wasim A. Al-Hamdani
Copyright: © 2009 | Volume: 3 | Issue: 4 | Pages: 25
ISSN: 1930-1650 | EISSN: 1930-1669 | EISBN13: 9781616920685 | DOI: 10.4018/jisp.2009100104
Cite Article

MLA

Al-Hamdani, Wasim A. "Three Models to Measure Information Security Compliance." IJISP vol.3, no.4 2009: pp.43-67. http://doi.org/10.4018/jisp.2009100104

APA

Al-Hamdani, W. A. (2009). Three Models to Measure Information Security Compliance. International Journal of Information Security and Privacy (IJISP), 3(4), 43-67. http://doi.org/10.4018/jisp.2009100104

Chicago

Al-Hamdani, Wasim A. "Three Models to Measure Information Security Compliance," International Journal of Information Security and Privacy (IJISP) 3, no.4: 43-67. http://doi.org/10.4018/jisp.2009100104

Abstract

This work introduces three models to measure information security compliance: the cardinality model, a second model based on vector space, and a third model based on the priority principle. Each model is presented with definitions, basic operations, and examples. All three models are based on a new theory for understanding information security called the Information Security Sets Theory (ISST). The ISST is based on four basic sets: external sets, local strategy sets, local standard sets, and local implementation sets. Two sets are used to create local standard sets: local expansion and local creation. The major difference between the Zermelo Fraenkel set theory and the ISST is the elimination of the empty element and the empty set. This assumption is based on “there is not empty security” measure and the is substituted to be and is defined as “minimum security (or system default security)”. The main objective of this article is to achieve a new modeling system for information security compliance. The first model defines the compliance measurement as the cardinality between local strategy sets and the actual local implementation. The second model treats security compliance as the angle between two sets, local implementation and local standard. The third model is based on the priority philosophy for the local security standard.