Peer-Review Record

MASISCo—Methodological Approach for the Selection of Information Security Controls

Appl. Sci. 2023, 13(2), 1094; https://doi.org/10.3390/app13021094
by Mauricio Diéguez 1,*, Carlos Cares 1, Cristina Cachero 2 and Jorge Hochstetter 1
Reviewer 2:
Reviewer 3: Anonymous
Submission received: 13 October 2022 / Revised: 30 October 2022 / Accepted: 31 October 2022 / Published: 13 January 2023
(This article belongs to the Collection Innovation in Information Security)

Round 1

Reviewer 1 Report

Dear Authors,

Congratulations. Nice paper about

There are a few aspects to be fixed before its publication:

- In Table 1, what is the meaning of adding "Programming"?

- In Table 1 "Qualitative Solutionss" should be "Qualitative Solutions".

- In Figure 2 there is a word in Spanish "Diagnóstico".

- In Table 2 there is another word in Spanish "Función". 

- The complete caption of Table 3 appears in Spanish.

- Figure 10 should be explained better.

Kind regards

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

The authors did not bother to look up the new standard (e.g., ISO 27001:2013 is not the current version). If we are talking about controls, the authors missed the ISACA Cobit standard. The current version of ISO 27002 was not considered, but rather the old one used in 2013. The overview of related work and resources needs to be updated. First, the scope of the application needs to be defined, and then controls need to be separated by the field of application.

The work is interesting, but the resources are old and the experiment to create a methodology needs to be repeated with experts in this field. A simple questionnaire survey is not a sufficient result for the control selection method.

Comments for author File: Comments.pdf

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

1. Kindly reduce the abstract section and add some impactful discussion.

2. At the end of the introduction section, add the research objective, and the contribution should be point-wise. Also break large paragraphs into small paragraphs.

3. Kindly add a literature survey with a comparison table.

4. Figures 9 and 10 look blurred; kindly update.

5. If possible, add some good graphical comparison in the result section.

6. Proofreading required.

7. Conclusions have very little information.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

The authors take into account the provided comments. The use of the new version of the standards in the work is easy to disagree with, but as mentioned, it does not have a significant impact on the experiment itself. What is proposed is not a solution but a method. Some doubts remain regarding the validity of the experiment. The authors should probably think more broadly in the future. The work is suitable for publication.
