Security Control Frameworks. When performing a gap analysis, one must have an understanding of the desired future or “to be” state. For cybersecurity-focused gap analyses, we frequently use IT security controls as the framework for describing the “to be” (or “should be”) state. There are a variety of guidance documents which list and define sets of security controls. If you look at multiple sources, e.g., NIST, SANS, CSIS, you will see that IT controls come in a variety of “flavors”. Some sources use the People, Process, and Technology scheme to organize and define controls. Other sources define controls (safeguards) in terms of the phases of information security to which they apply (e.g., Preventive controls, Detective controls, Deterrent controls, Corrective controls (used in the Response or remediation phases)). A third framework which you used in earlier courses (CSIA 413) is “administrative or managerial, operational, and technical” controls. Research and select a control grouping framework, then populate the framework with some examples of the actual controls. Provide your rationale as to why you selected your framework and identify an industry or industry vertical to which your framework is most applicable.

    Security Control Frameworks

    Control Objectives for Information and Related Technology (COBIT) Framework

    An information security control framework is a series of documented processes used to specify the procedures and policies surrounding the ongoing management and implementation of information security controls (Kerr et al., 2013). COBIT was developed by CISA (Certified Information System Auditor). It focuses largely on reducing organizational and technical risks. It has recently developed into COBIT 5, which also includes the alignment of information technology with the strategic goals of a business. It is used to achieve compliance with Sarbanes-Oxley rules (Zhang et al., 2013). It is also relevant for implementing, monitoring, developing and improving IT management and governance practices.

    The main goal of this framework is to ensure that everyone in the business has a shared language regarding objectives, goals and results, and is therefore able to communicate with each other (Bernroider et al., 2011). COBIT has been used for IT risk management in a global bank to effectively manage risk among the bank’s technology team and to ensure appropriate IT assurance processes and governance that were used throughout the bank. COBIT can be used in banks for the management of operational risks.



    Bernroider, E. W., & Ivanov, M. (2011). IT project management control and the Control Objectives for IT and related Technology (CobiT) framework. International Journal of Project Management, 29(3), 325-336.

    Kerr, D. S., & Murthy, U. S. (2013). The importance of the CobiT framework IT processes for effective internal control over financial reporting in organizations: An international survey. Information & Management, 50(7), 590-597.

    Zhang, S., & Le, F. H. (2013). An Examination of the Practicability of COBIT Framework and the Proposal of a COBIT-BSC Model. Journal of Economics, 1, 5.