Systematic Literature Review of Security Control Assessment Challenges

Abstract

The advancement of cybersecurity has called for active effective information security management. Security control (SC) assessment must be empowered to ensure that security implementation is effective and provides expected protection. Lack of comprehensive literature analysis on SC assessment compared to risk and threats assessments are concerning. This research aims to systematically review the trends of SC assessment by identifying, categorizing and analyzing the challenges and available solutions of SC assessment. 34 articles were qualitatively selected with a definite contribution in SC assessment. These articles were reviewed using thematic analysis according to Theme 1: Assessment Challenges, and Theme 2: Proposed Solution. Findings from each theme are systematically categorized to answer research questions. The results of this review are significant in identifying the issues and areas of improvement for future research and can serve as the baseline for SC assessment characteristics.