There are a few approaches to help in the selection of security solution; for example, some authors propose a mechanism that supports decision making to define the best set of security controls according to the family of standards in ISO/IEC 27000.

Reference:

• T. Neubauer, A. Ekelhart, and S. Fenz, ‘Interactive Selection of ISO 27001 Controls under Multiple Objectives’, in Proceedings of The Ifip Tc 11 23rd International Information Security Conference, 2008, pp. 477–492.