Methodology for Dynamic Analysis and Risk Management on ISO27001

Antonio Santos Olmo Parra, Luis Enrique Sanchez Crespo, Esther Alvarez, Monica Huerta, Eduardo Fernandez Medina Paton

Research output: Contribution to journal › Article › peer-review

5 Scopus citations


The information society is increasingly dependent on Information Systems Security Management (ISMS) and on knowledge of the security risks associated with the value of its assets. However, very few risk analysis methodologies have been designed to analyze risks quickly and economically while also allowing the resulting system to be updated dynamically. This paper presents a new methodology, called MARISMA, aimed at carrying out a simplified and dynamic risk analysis that is valid for all companies, including SMEs, and at providing solutions to the problems identified during the application of the scientific method «Action Research». This methodology is being applied directly to real cases, thus achieving a constant improvement of its processes.

Original language: English
Article number: 7555273
Pages (from-to): 2897-2911
Number of pages: 15
Journal: IEEE Latin America Transactions
Issue number: 6
State: Published - Jun 2016

Bibliographical note

Publisher Copyright:
© 2016 IEEE.


  • Cybersecurity
  • Information Systems Security Management
  • ISMS
  • ISO27001
  • ISO27002
  • ISO27005
  • Magerit
  • Risk Analysis
  • SME

