Methodology for Dynamic Analysis and Risk Management on ISO27001

Antonio Santos Olmo Parra; Luis Enrique Sanchez Crespo; Esther Alvarez; Monica Huerta; Eduardo Fernandez Medina Paton

doi:10.1109/TLA.2016.7555273

Methodology for Dynamic Analysis and Risk Management on ISO27001

Antonio Santos Olmo Parra, Luis Enrique Sanchez Crespo, Esther Alvarez, Monica Huerta, Eduardo Fernandez Medina Paton

Grupo de Investigación en Telecomunicaciones y Telemática (GITEL)

Producción científica: Contribución a una revista › Artículo › revisión exhaustiva

7 Citas (Scopus)

Resumen

The information society is increasingly dependent Information Systems Security Management (ISMS) and knowledge of the security risks associated with its assets value. However, very few risk analysis methodologies have been raised as to create systems to analyze risks in a quick and economical, and which in turn can leave this system dynamically update. This paper presents a new methodology, called MARISMA, aimed at carrying out a risk analysis simplified and dynamic, which is valid for all companies, including SMEs, and to provide solutions to the problems identified during the application of the scientific method «Action Research». This methodology is being applied directly to real cases, thus achieving a constant improvement of its processes.

Idioma original	Inglés
Número de artículo	7555273
Páginas (desde-hasta)	2897-2911
Número de páginas	15
Publicación	Ieee Latin America Transactions
Volumen	14
N.º	6
DOI	https://doi.org/10.1109/TLA.2016.7555273
Estado	Publicada - jun. 2016

Nota bibliográfica

Publisher Copyright:
© 2016 IEEE.

Acceder al documento

10.1109/TLA.2016.7555273

Otros archivos y enlaces

http://www.scopus.com/inward/record.url?scp=84986216582&partnerID=8YFLogxK

Citar esto

@article{16fd401cb597442288c8037eef40d0b6,

title = "Methodology for Dynamic Analysis and Risk Management on ISO27001",

abstract = "The information society is increasingly dependent Information Systems Security Management (ISMS) and knowledge of the security risks associated with its assets value. However, very few risk analysis methodologies have been raised as to create systems to analyze risks in a quick and economical, and which in turn can leave this system dynamically update. This paper presents a new methodology, called MARISMA, aimed at carrying out a risk analysis simplified and dynamic, which is valid for all companies, including SMEs, and to provide solutions to the problems identified during the application of the scientific method «Action Research». This methodology is being applied directly to real cases, thus achieving a constant improvement of its processes.",

keywords = "Cibersecurity, Information Systems Security Management, ISMS, ISO27001, ISO27002, ISO27005, Magerit, Risk Analysis, SME",

author = "{Santos Olmo Parra}, Antonio and {Sanchez Crespo}, {Luis Enrique} and Esther Alvarez and Monica Huerta and {Fernandez Medina Paton}, Eduardo",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.",

year = "2016",

month = jun,

doi = "10.1109/TLA.2016.7555273",

language = "English",

volume = "14",

pages = "2897--2911",

journal = "Ieee Latin America Transactions",

issn = "1548-0992",

publisher = "IEEE Computer Society",

number = "6",

}

TY - JOUR

T1 - Methodology for Dynamic Analysis and Risk Management on ISO27001

AU - Santos Olmo Parra, Antonio

AU - Sanchez Crespo, Luis Enrique

AU - Alvarez, Esther

AU - Huerta, Monica

AU - Fernandez Medina Paton, Eduardo

PY - 2016/6

Y1 - 2016/6

N2 - The information society is increasingly dependent Information Systems Security Management (ISMS) and knowledge of the security risks associated with its assets value. However, very few risk analysis methodologies have been raised as to create systems to analyze risks in a quick and economical, and which in turn can leave this system dynamically update. This paper presents a new methodology, called MARISMA, aimed at carrying out a risk analysis simplified and dynamic, which is valid for all companies, including SMEs, and to provide solutions to the problems identified during the application of the scientific method «Action Research». This methodology is being applied directly to real cases, thus achieving a constant improvement of its processes.

AB - The information society is increasingly dependent Information Systems Security Management (ISMS) and knowledge of the security risks associated with its assets value. However, very few risk analysis methodologies have been raised as to create systems to analyze risks in a quick and economical, and which in turn can leave this system dynamically update. This paper presents a new methodology, called MARISMA, aimed at carrying out a risk analysis simplified and dynamic, which is valid for all companies, including SMEs, and to provide solutions to the problems identified during the application of the scientific method «Action Research». This methodology is being applied directly to real cases, thus achieving a constant improvement of its processes.

KW - Cibersecurity

KW - Information Systems Security Management

KW - ISMS

KW - ISO27001

KW - ISO27002

KW - ISO27005

KW - Magerit

KW - Risk Analysis

KW - SME

UR - http://www.scopus.com/inward/record.url?scp=84986216582&partnerID=8YFLogxK

U2 - 10.1109/TLA.2016.7555273

DO - 10.1109/TLA.2016.7555273

M3 - Article

AN - SCOPUS:84986216582

SN - 1548-0992

VL - 14

SP - 2897

EP - 2911

JO - Ieee Latin America Transactions

JF - Ieee Latin America Transactions

IS - 6

M1 - 7555273

ER -

Methodology for Dynamic Analysis and Risk Management on ISO27001

Resumen

Nota bibliográfica

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto