Information security risk management model for Peruvian PYMES

Bibliographic Details
Authors: García Porras, Johari C., Huamani Pastor, Sarita C., Lomparte Alvarado, Rómulo F.
Format: article
Publication date: 2018
Institution: Universidad Nacional Mayor de San Marcos
Repository: Revistas - Universidad Nacional Mayor de San Marcos
Language: Spanish
OAI Identifier: oai:ojs.csi.unmsm:article/14856
Resource link: https://revistasinvestigacion.unmsm.edu.pe/index.php/rpcsis/article/view/14856
Access level: open access
Subject: Risk management
Information security
SMEs
OCTAVE
ISO/IEC 27005.
Risk Management
Security Information
SMES
Description
Summary: Nowadays, companies seek to protect their information because it is a very valuable asset. To protect it, it is necessary to manage risks, which prevents scenarios that generate a negative impact such as significant financial losses, violation of the confidentiality of sensitive information, or loss of the integrity or availability of confidential information. Organizations such as SMEs do not implement risk management models because they do not care about allocating a budget for information security. There are different approaches that are used to manage risks, but, in general, these focus on big companies. However, those that target SMEs have a qualitative approach. This paper presents a suitable risk management model based on the OCTAVE-S methodology and the ISO/IEC 27005 standard. It consists of the 3 phases of OCTAVE, to which are added the list of vulnerabilities and scenarios in phase 1 and the risk calculation and treatment of ISO/IEC 27005 in the last phase. Likewise, the model takes a quantitative approach that allows the residual risk to be calculated based on the effectiveness of the controls given, creating a suitable model for the organizations, in order to and, therefore, to facilitate decision making. This model has been applied in a Peruvian clay-ceramic industry SME in its sales process, showing its ease of use and identifying the controls necessary to reduce the risk, whose implementation could reduce the risk by 53%.