Information security risk management model for mitigating the impact on SMEs in Peru
Descripción del Articulo
El texto completo de este trabajo no está disponible en el Repositorio Académico UPC por restricciones de la casa editorial donde ha sido publicado.
| Autores: | , , , |
|---|---|
| Formato: | artículo |
| Fecha de Publicación: | 2020 |
| Institución: | Universidad Peruana de Ciencias Aplicadas |
| Repositorio: | UPC-Institucional |
| Lenguaje: | inglés |
| OAI Identifier: | oai:repositorioacademico.upc.edu.pe:10757/656577 |
| Enlace del recurso: | http://hdl.handle.net/10757/656577 |
| Nivel de acceso: | acceso embargado |
| Materia: | information security ISO/IEC 27004 ISO/IEC 31000 IT Risk Magerit |
| id |
UUPC_0b7422f49802b49b0d2f0fe0c7cad652 |
|---|---|
| oai_identifier_str |
oai:repositorioacademico.upc.edu.pe:10757/656577 |
| network_acronym_str |
UUPC |
| network_name_str |
UPC-Institucional |
| repository_id_str |
2670 |
| dc.title.en_US.fl_str_mv |
Information security risk management model for mitigating the impact on SMEs in Peru |
| title |
Information security risk management model for mitigating the impact on SMEs in Peru |
| spellingShingle |
Information security risk management model for mitigating the impact on SMEs in Peru Garay, Daniel Felipe Carnero information security ISO/IEC 27004 ISO/IEC 31000 IT Risk Magerit |
| title_short |
Information security risk management model for mitigating the impact on SMEs in Peru |
| title_full |
Information security risk management model for mitigating the impact on SMEs in Peru |
| title_fullStr |
Information security risk management model for mitigating the impact on SMEs in Peru |
| title_full_unstemmed |
Information security risk management model for mitigating the impact on SMEs in Peru |
| title_sort |
Information security risk management model for mitigating the impact on SMEs in Peru |
| author |
Garay, Daniel Felipe Carnero |
| author_facet |
Garay, Daniel Felipe Carnero Marcos Antonio, Carbajal Ramos Armas-Aguirre, Jimmy Molina, Juan Manuel Madrid |
| author_role |
author |
| author2 |
Marcos Antonio, Carbajal Ramos Armas-Aguirre, Jimmy Molina, Juan Manuel Madrid |
| author2_role |
author author author |
| dc.contributor.author.fl_str_mv |
Garay, Daniel Felipe Carnero Marcos Antonio, Carbajal Ramos Armas-Aguirre, Jimmy Molina, Juan Manuel Madrid |
| dc.subject.en_US.fl_str_mv |
information security ISO/IEC 27004 ISO/IEC 31000 IT Risk Magerit |
| topic |
information security ISO/IEC 27004 ISO/IEC 31000 IT Risk Magerit |
| description |
El texto completo de este trabajo no está disponible en el Repositorio Académico UPC por restricciones de la casa editorial donde ha sido publicado. |
| publishDate |
2020 |
| dc.date.accessioned.none.fl_str_mv |
2021-06-23T13:53:56Z |
| dc.date.available.none.fl_str_mv |
2021-06-23T13:53:56Z |
| dc.date.issued.fl_str_mv |
2020-06-01 |
| dc.type.en_US.fl_str_mv |
info:eu-repo/semantics/article |
| format |
article |
| dc.identifier.issn.none.fl_str_mv |
21660727 |
| dc.identifier.doi.none.fl_str_mv |
10.23919/CISTI49556.2020.9140980 |
| dc.identifier.uri.none.fl_str_mv |
http://hdl.handle.net/10757/656577 |
| dc.identifier.eissn.none.fl_str_mv |
21660735 |
| dc.identifier.journal.en_US.fl_str_mv |
Iberian Conference on Information Systems and Technologies, CISTI |
| dc.identifier.eid.none.fl_str_mv |
2-s2.0-85089023750 |
| dc.identifier.scopusid.none.fl_str_mv |
SCOPUS_ID:85089023750 |
| dc.identifier.isni.none.fl_str_mv |
0000 0001 2196 144X |
| identifier_str_mv |
21660727 10.23919/CISTI49556.2020.9140980 21660735 Iberian Conference on Information Systems and Technologies, CISTI 2-s2.0-85089023750 SCOPUS_ID:85089023750 0000 0001 2196 144X |
| url |
http://hdl.handle.net/10757/656577 |
| dc.language.iso.en_US.fl_str_mv |
eng |
| language |
eng |
| dc.relation.url.en_US.fl_str_mv |
https://ieeexplore.ieee.org/document/9140980 |
| dc.rights.en_US.fl_str_mv |
info:eu-repo/semantics/embargoedAccess |
| eu_rights_str_mv |
embargoedAccess |
| dc.format.en_US.fl_str_mv |
application/html |
| dc.publisher.en_US.fl_str_mv |
IEEE Computer Society |
| dc.source.es_PE.fl_str_mv |
Repositorio Academico - UPC Universidad Peruana de Ciencias Aplicadas (UPC) |
| dc.source.none.fl_str_mv |
reponame:UPC-Institucional instname:Universidad Peruana de Ciencias Aplicadas instacron:UPC |
| instname_str |
Universidad Peruana de Ciencias Aplicadas |
| instacron_str |
UPC |
| institution |
UPC |
| reponame_str |
UPC-Institucional |
| collection |
UPC-Institucional |
| dc.source.journaltitle.none.fl_str_mv |
Iberian Conference on Information Systems and Technologies, CISTI |
| dc.source.volume.none.fl_str_mv |
2020-June |
| bitstream.url.fl_str_mv |
https://repositorioacademico.upc.edu.pe/bitstream/10757/656577/1/license.txt |
| bitstream.checksum.fl_str_mv |
8a4605be74aa9ea9d79846c1fba20a33 |
| bitstream.checksumAlgorithm.fl_str_mv |
MD5 |
| repository.name.fl_str_mv |
Repositorio académico upc |
| repository.mail.fl_str_mv |
upc@openrepository.com |
| _version_ |
1837188372023476224 |
| spelling |
5e33c0a8aad9f8c4f0e2104571ec1194300ba310cdc859d544439cd40be1aaa32883004832ce656228b995761b32f4527dfa586f49d38bcc83c53ed8844d55afb6b6e3300Garay, Daniel Felipe CarneroMarcos Antonio, Carbajal RamosArmas-Aguirre, JimmyMolina, Juan Manuel Madrid2021-06-23T13:53:56Z2021-06-23T13:53:56Z2020-06-012166072710.23919/CISTI49556.2020.9140980http://hdl.handle.net/10757/65657721660735Iberian Conference on Information Systems and Technologies, CISTI2-s2.0-85089023750SCOPUS_ID:850890237500000 0001 2196 144XEl texto completo de este trabajo no está disponible en el Repositorio Académico UPC por restricciones de la casa editorial donde ha sido publicado.This paper proposes an information security risk management model that allows mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: 1. Inventory the information assets of the company, to conduct the risk analysis of each one; 2. Evaluate treatment that should be given to each risk, 3. Once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the creation of a model that integrates a standard of risk management across the company with a standard of IS indicators to validate compliance, adding as a contribution the results of implementation in a specific environment. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk, after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment.Revisión por paresapplication/htmlengIEEE Computer Societyhttps://ieeexplore.ieee.org/document/9140980info:eu-repo/semantics/embargoedAccessRepositorio Academico - UPCUniversidad Peruana de Ciencias Aplicadas (UPC)Iberian Conference on Information Systems and Technologies, CISTI2020-Junereponame:UPC-Institucionalinstname:Universidad Peruana de Ciencias Aplicadasinstacron:UPCinformation securityISO/IEC 27004ISO/IEC 31000IT RiskMageritInformation security risk management model for mitigating the impact on SMEs in Peruinfo:eu-repo/semantics/articleLICENSElicense.txtlicense.txttext/plain; charset=utf-81748https://repositorioacademico.upc.edu.pe/bitstream/10757/656577/1/license.txt8a4605be74aa9ea9d79846c1fba20a33MD51false10757/656577oai:repositorioacademico.upc.edu.pe:10757/6565772021-06-23 13:53:57.431Repositorio académico upcupc@openrepository.comTk9URTogUExBQ0UgWU9VUiBPV04gTElDRU5TRSBIRVJFClRoaXMgc2FtcGxlIGxpY2Vuc2UgaXMgcHJvdmlkZWQgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seS4KCk5PTi1FWENMVVNJVkUgRElTVFJJQlVUSU9OIExJQ0VOU0UKCkJ5IHNpZ25pbmcgYW5kIHN1Ym1pdHRpbmcgdGhpcyBsaWNlbnNlLCB5b3UgKHRoZSBhdXRob3Iocykgb3IgY29weXJpZ2h0Cm93bmVyKSBncmFudHMgdG8gRFNwYWNlIFVuaXZlcnNpdHkgKERTVSkgdGhlIG5vbi1leGNsdXNpdmUgcmlnaHQgdG8gcmVwcm9kdWNlLAp0cmFuc2xhdGUgKGFzIGRlZmluZWQgYmVsb3cpLCBhbmQvb3IgZGlzdHJpYnV0ZSB5b3VyIHN1Ym1pc3Npb24gKGluY2x1ZGluZwp0aGUgYWJzdHJhY3QpIHdvcmxkd2lkZSBpbiBwcmludCBhbmQgZWxlY3Ryb25pYyBmb3JtYXQgYW5kIGluIGFueSBtZWRpdW0sCmluY2x1ZGluZyBidXQgbm90IGxpbWl0ZWQgdG8gYXVkaW8gb3IgdmlkZW8uCgpZb3UgYWdyZWUgdGhhdCBEU1UgbWF5LCB3aXRob3V0IGNoYW5naW5nIHRoZSBjb250ZW50LCB0cmFuc2xhdGUgdGhlCnN1Ym1pc3Npb24gdG8gYW55IG1lZGl1bSBvciBmb3JtYXQgZm9yIHRoZSBwdXJwb3NlIG9mIHByZXNlcnZhdGlvbi4KCllvdSBhbHNvIGFncmVlIHRoYXQgRFNVIG1heSBrZWVwIG1vcmUgdGhhbiBvbmUgY29weSBvZiB0aGlzIHN1Ym1pc3Npb24gZm9yCnB1cnBvc2VzIG9mIHNlY3VyaXR5LCBiYWNrLXVwIGFuZCBwcmVzZXJ2YXRpb24uCgpZb3UgcmVwcmVzZW50IHRoYXQgdGhlIHN1Ym1pc3Npb24gaXMgeW91ciBvcmlnaW5hbCB3b3JrLCBhbmQgdGhhdCB5b3UgaGF2ZQp0aGUgcmlnaHQgdG8gZ3JhbnQgdGhlIHJpZ2h0cyBjb250YWluZWQgaW4gdGhpcyBsaWNlbnNlLiBZb3UgYWxzbyByZXByZXNlbnQKdGhhdCB5b3VyIHN1Ym1pc3Npb24gZG9lcyBub3QsIHRvIHRoZSBiZXN0IG9mIHlvdXIga25vd2xlZGdlLCBpbmZyaW5nZSB1cG9uCmFueW9uZSdzIGNvcHlyaWdodC4KCklmIHRoZSBzdWJtaXNzaW9uIGNvbnRhaW5zIG1hdGVyaWFsIGZvciB3aGljaCB5b3UgZG8gbm90IGhvbGQgY29weXJpZ2h0LAp5b3UgcmVwcmVzZW50IHRoYXQgeW91IGhhdmUgb2J0YWluZWQgdGhlIHVucmVzdHJpY3RlZCBwZXJtaXNzaW9uIG9mIHRoZQpjb3B5cmlnaHQgb3duZXIgdG8gZ3JhbnQgRFNVIHRoZSByaWdodHMgcmVxdWlyZWQgYnkgdGhpcyBsaWNlbnNlLCBhbmQgdGhhdApzdWNoIHRoaXJkLXBhcnR5IG93bmVkIG1hdGVyaWFsIGlzIGNsZWFybHkgaWRlbnRpZmllZCBhbmQgYWNrbm93bGVkZ2VkCndpdGhpbiB0aGUgdGV4dCBvciBjb250ZW50IG9mIHRoZSBzdWJtaXNzaW9uLgoKSUYgVEhFIFNVQk1JU1NJT04gSVMgQkFTRUQgVVBPTiBXT1JLIFRIQVQgSEFTIEJFRU4gU1BPTlNPUkVEIE9SIFNVUFBPUlRFRApCWSBBTiBBR0VOQ1kgT1IgT1JHQU5JWkFUSU9OIE9USEVSIFRIQU4gRFNVLCBZT1UgUkVQUkVTRU5UIFRIQVQgWU9VIEhBVkUKRlVMRklMTEVEIEFOWSBSSUdIVCBPRiBSRVZJRVcgT1IgT1RIRVIgT0JMSUdBVElPTlMgUkVRVUlSRUQgQlkgU1VDSApDT05UUkFDVCBPUiBBR1JFRU1FTlQuCgpEU1Ugd2lsbCBjbGVhcmx5IGlkZW50aWZ5IHlvdXIgbmFtZShzKSBhcyB0aGUgYXV0aG9yKHMpIG9yIG93bmVyKHMpIG9mIHRoZQpzdWJtaXNzaW9uLCBhbmQgd2lsbCBub3QgbWFrZSBhbnkgYWx0ZXJhdGlvbiwgb3RoZXIgdGhhbiBhcyBhbGxvd2VkIGJ5IHRoaXMKbGljZW5zZSwgdG8geW91ciBzdWJtaXNzaW9uLgo= |
| score |
13.927358 |
Nota importante:
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
