| ID | Year | Ref | Existing Components | CSRAM Components |
| 1 | 2014 | [15] | Characterization, threat assessment, vulnerability assessment, risk evaluation, risk treatment | þ |
| 2 | 2014 | [17] | policy formulation, policy implementation, policy enforcement, and policy monitoring. | þ |
| 3 | 2016 | [18] | Establish information security policy development team, determine the security needs of the organisation, compiling the security policy document, and the implementation and maintenance stage | þ |
| 4 | 2017 | [19] | Policy Initiation, Policy Drafting, Policy Implementation, Policy Review, and Policy Maintenance | þ |
| 5 | 2017 | [20] | information security; policy; decision making | þ |
| 6 | 2018 | [21] | Cyber Security, Cyber Security Policy, Implementation | þ |
| 7 | 2018 | [22] | Cybersecurity, assess threats | þ |
| 8 | 2018 | [65] | Construct, Construct, Compliance, Information Security Practice Behaviours | þ |
| 9 | 2022 | [4] | Risk identification, risk assessment, risk control, risk monitoring and response, and risk communication | þ |
| 10 | 2022 | [23] | Monitoring, Measurement, Compliance, Information security controls | þ |
| 11 | 2023 | [16] | Information security risk assessment, implementation of security controls, monitoring, and review | þ |
| 12 | 2023 | [70] | Internet of Things, Cybersecurity, Firmware, Entropy, Hardcoded, Attack Vector | þ |
| 13 | 2023 | [70] | Security assessment, Decision tree, Copula functions, Machine learning | þ |
| 14 | 2023 | [24] | Information security, Policy, Decision making | þ |
| 15 | 2023 | [25] | Information security assessment, Security assessment, Fuzzy theory, Smart grid | þ |