Comparison should include
information security
assets and liabilities
confidentiality, integrity, and availability (CIA Triad)
security policies.