Calculating Compliance Standards

The security of information is important to protect top secret documents for government and private organisations alike. For this reason, many methods have been developed to enforce security and protect access to documents, computers and networks. Some of these methods include policies and procedures. These policies and procedures are compiled according to an Information Security Architecture (ISA). Information security standards help organisations reduce the risk of attacks by stipulating specific measures that should be implemented. These measures will help organisations to be secure from attacks, law suites, breaches, and more. The problem, however, is that there is no standard method that allows researchers, auditors, and academia to calculate the compliance to security standards or the state of information security. This article investigates methods and calculations proposed by other authors to determine compliance. Following on what has been done in the field, this article proposes a procedure that culminates in an information security compliance measure that appears to be standardised over different standards and in different scenarios. This procedure includes well-defined and trusted statistical formulae to calculate the compliance factor. Researchers and academia can use these formulae to standardise the calculation of compliance and to determine the state of information security in comparable terms.