Abstract

Regulatory authorities create a large body of legislation that must be followed. This legislation creates complex compliance requirements and makes finding regulatory non-compliance a time-consuming process. While the regulations establish rules in the relevant areas, recommendations and best practices for compliance are not generally mentioned. Best practices are often used to find a solution to this problem. There are numerous governance, management, and security frameworks in the Information Technology (IT) area to guide businesses in running their processes at a much more mature level. Best practice maps can be used to map one best practice to another, and users can adapt with the help of these relation maps. These maps are generally created by expert judgment or top-down relationship analysis. These methods are subjective and easily create inconsistencies. In order to have an objective and statistical relationship map, we propose a Latent Semantic Analysis (LSA) based model to generate a specific relatedness correlation map. We created a relatedness map of a banking regulation to a best practice. We analyzed 224 statements of this regulation in relation to the 1202 activities of Control Objectives for Information Technologies (Cobit) 2019. Furthermore, we support our LSA results with MCDM analysis methods: Fuzzy Analytic Hierarchy Process (FAHP) to prioritize our criteria, and WASPAS (Weighted Aggregated Sum Product Assessment Method) to compare similarity results of regulation and Cobit activity pairs. Instead of the subjective methods for mapping best practices and regulations, this study suggests creating relatedness maps supported by the objectivity of LSA.

Highlights

  • In the Information Technology (IT) world, creating standard processes or techniques is crucial

  • [5] We suggest that Latent Semantic Analysis (LSA) can be used to map regulatory compliance requirements to the activities of a selected best practice, Control Objectives for Information Technologies (Cobit) 2019

  • This study aims to reveal a scientific similarity map of Cobit 2019 and the related regulation by using the LSA method


Summary

Introduction

In the IT world, creating standard processes or techniques is crucial. Network devices use protocols to connect, and server-client architectures use almost the same rules to communicate. There are some best practices that are more technical issues in. Another dimension is regulations [1]. Every country has its own regulations to create rules about IT, and some sectors' own regulations define even more specific rules to obey, but best practices are not sector-specific and create general, detailed practices and recommendations. The relatedness of best practices and regulations has never been worked out by the regulator. Regulatory agencies use best practices to address some statements, but in general there is no defined relatedness between them. Best practices are mapped to other standards, but this mapping generally reflects experts' subjective views and a top-down approach; such maps do not match every practice or statement, and generally match master domains.
