Modeling Dependencies of ISO/IEC 27002:2013 Security Controls

Security controls like policies, procedures, laws and regulations, or security tools and techniques help in mitigating risks to enterprise information systems. There are several security standards that provide guidance on the implementation of security controls. ISO/IEC 27002:2013 is one of the most widely accepted security standards; it has been adopted by the Indian government for implementation in critical sector enterprises. The controls of ISO/IEC 27002:2013 are inter-dependent and they consist of several types of implementation-specific tasks. Lack of proper research on these aspects makes it extremely difficult for enterprises to implement a comprehensive and correct control implementation programme. The present study analyses the controls of ISO/IEC 27002:2013, categorizes the implementation tasks and details the dependencies among controls and relationships among categories of tasks.