{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T21:10:35Z","timestamp":1779311435678,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":11,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,2,12]],"date-time":"2011-02-12T00:00:00Z","timestamp":1297468800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,2,12]]},"DOI":"10.1145\/1947940.1948051","type":"proceedings-article","created":{"date-parts":[[2011,3,4]],"date-time":"2011-03-04T08:14:52Z","timestamp":1299226492000},"page":"537-540","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["A quantitative methodology for information security control gap analysis"],"prefix":"10.1145","author":[{"given":"Sulagna","family":"Bandopadhyay","sequence":"first","affiliation":[{"name":"Jadavpur University, Kolkata, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anirban","family":"Sengupta","sequence":"additional","affiliation":[{"name":"Jadavpur University, Kolkata, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chandan","family":"Mazumdar","sequence":"additional","affiliation":[{"name":"Jadavpur University, Kolkata, India"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2011,2,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"IT Governance Institute. 2005. Aligning COBIT ITIL and ISO 17799 for Business Benefit IL USA."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","unstructured":"IT Governance Institute. 2007. Control Objectives for Information and related Technology (CobiT) 4.1 IL USA.","DOI":"10.5555\/1534415"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.05.001"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/520907"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/1051559"},{"key":"e_1_3_2_1_6_1","unstructured":"Praxiom ISO IEC 27001 2005 Information Security Gap Analysis Tool - http:\/\/www.praxiom.com\/iso-27001-gap.htm"},{"key":"e_1_3_2_1_7_1","volume-title":"et. al","author":"Ross R.","year":"2009","unstructured":"Ross, R., et. al. 2009. Recommended Security Controls for Federal Information Systems. NIST Special Publication 800--53 Revision 3, MD, USA."},{"key":"e_1_3_2_1_8_1","volume-title":"(eds.)","author":"Soanes C.","year":"2006","unstructured":"Soanes, C. and Stevenson, A. (eds.). 2006. Concise Oxford English Dictionary. Eleventh Edition. Oxford University Press, New York, USA. 475."},{"key":"e_1_3_2_1_9_1","volume-title":"The International Electrotechnical Commission (ISO\/IEC)","author":"The International Organization for Standardization","year":"2005","unstructured":"The International Organization for Standardization, The International Electrotechnical Commission (ISO\/IEC). 2005. ISO\/IEC 27001:2005, Information technology -- Security techniques -- Information security management systems - Requirements. Edition 1. Switzerland."},{"key":"e_1_3_2_1_10_1","volume-title":"The International Electrotechnical Commission (ISO\/IEC)","author":"The International Organization for Standardization","year":"2005","unstructured":"The International Organization for Standardization, The International Electrotechnical Commission (ISO\/IEC). 2005. ISO\/IEC 27002:2005, Information technology -- Security techniques -- Code of practice for information security management. Edition 1. Switzerland."},{"key":"e_1_3_2_1_11_1","volume-title":"The International Electrotechnical Commission (ISO\/IEC)","author":"The International Organization for Standardization","year":"2009","unstructured":"The International Organization for Standardization, The International Electrotechnical Commission (ISO\/IEC). 2009. ISO\/IEC 27004:2009, Information technology -- Security techniques -- Information security management - Measurement. Edition 1. Switzerland."}],"event":{"name":"ICCCS '11: International Conference on Communication, Computing & Security","location":"Rourkela Odisha India","acronym":"ICCCS '11"},"container-title":["Proceedings of the 2011 International Conference on Communication, Computing &amp; Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1947940.1948051","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1947940.1948051","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T20:29:53Z","timestamp":1779308993000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1947940.1948051"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,2,12]]},"references-count":11,"alternative-id":["10.1145\/1947940.1948051","10.1145\/1947940"],"URL":"https:\/\/doi.org\/10.1145\/1947940.1948051","relation":{},"subject":[],"published":{"date-parts":[[2011,2,12]]},"assertion":[{"value":"2011-02-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}