The problem of managing information security controls is complex because the domains outlined in standards such as ISO/IEC 27002 rarely operate in isolation; they have intricate interdependencies that are often overlooked. This oversight can lead to fragmented security controls, inefficient resource allocation, and weaknesses in overall security governance. To address this issue, this paper proposes a literature-based heat matrix methodology, building on ISO/IEC 27002:2013 while referencing the updated 2022 guidance, NIST SP 800-53 Revision 5, and COBIT 2019. The primary goal is to assign numerical correlation values to the fourteen domains of ISO/IEC 27002:2013, providing a structured approach to visualizing and understanding their interrelationships. The methodology involves a comprehensive literature review and is complemented by expert validation from experienced practitioners to refine the correlation scores. The result is an illustrative 14x14 matrix that demonstrates how numeric inter-domain correlations can reveal critical overlaps and guide strategic decision-making. A new five-tier correlation scale is introduced to aid interpretation, clarifying whether two domains have very low, low, moderate, high, or very high levels of interdependency. This approach has significant implications for the field of informatics and computer science because it enables organizations to move beyond siloed security management. By recognizing these correlations, organizations can allocate resources more effectively, enhance holistic risk management, and strengthen security governance. The heat matrix serves as a practical tool for practitioners and managers to identify domain pairs that require close coordination, ultimately leading to more coherent policy frameworks and a more robust security posture.
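The following is an added example, not code or data from the paper: it shows how a symmetric 14x14 inter-domain matrix can be built from pairwise scores, mapped onto a five-tier scale, and queried for the domain pairs that need close coordination. The domain names are the fourteen control clauses of ISO/IEC 27002:2013; the function names, the tier cut-offs on a 0.0 to 1.0 scale, and the sample scores are assumptions constructed for illustration and do not reflect the paper's findings.

```python
"""Illustrative ISO/IEC 27002:2013 inter-domain correlation heat matrix (added example)."""
import itertools

# The 14 control domains (clauses 5-18) of ISO/IEC 27002:2013, in standard order.
DOMAINS = [
    "Information security policies",
    "Organization of information security",
    "Human resource security",
    "Asset management",
    "Access control",
    "Cryptography",
    "Physical and environmental security",
    "Operations security",
    "Communications security",
    "System acquisition, development and maintenance",
    "Supplier relationships",
    "Information security incident management",
    "Information security aspects of business continuity management",
    "Compliance",
]

# Assumed five-tier scale: (exclusive upper bound, label) on a 0.0-1.0 score. Not the paper's cut-offs.
TIERS = [(0.2, "very low"), (0.4, "low"), (0.6, "moderate"), (0.8, "high"), (1.01, "very high")]

def tier(score):
    """Map a correlation score in [0.0, 1.0] to its tier label."""
    if not 0.0 <= score <= 1.0:
        raise ValueError(f"score out of range: {score}")
    return next(label for upper, label in TIERS if score < upper)

def build_matrix(pair_scores):
    """Symmetric 14x14 matrix from {(i, j): score}; diagonal is 1.0, unlisted pairs are 0.0."""
    n = len(DOMAINS)
    m = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for (i, j), s in pair_scores.items():
        m[i][j] = m[j][i] = s  # enforce symmetry so the heat matrix is order-independent
    return m

def pairs_at_or_above(matrix, min_tier="high"):
    """Distinct domain pairs whose tier is at least min_tier, strongest correlation first."""
    order = [label for _, label in TIERS]
    rank = order.index(min_tier)
    hits = [(DOMAINS[i], DOMAINS[j], matrix[i][j])
            for i, j in itertools.combinations(range(len(DOMAINS)), 2)
            if order.index(tier(matrix[i][j])) >= rank]
    return sorted(hits, key=lambda t: -t[2])

# Constructed sample scores keyed by DOMAINS indices; purely illustrative values.
SAMPLE_SCORES = {(4, 5): 0.85, (4, 7): 0.7, (7, 8): 0.65, (11, 12): 0.9, (0, 13): 0.75, (5, 9): 0.5}
```

Calling `pairs_at_or_above(build_matrix(SAMPLE_SCORES), "high")` lists the pairs a manager would prioritize for joint policy work under the assumed scale.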
Copyrights © 2025