Valoracion y Reduccion de Riesgos de Seguridad de la Informacion en TELCO, con el uso de DSR
(DSR Approach to Assessment and Reduction of Information Security Risk in TELCO)
Carlos Montenegro (email@example.com)¹, Mario Murillo (firstname.lastname@example.org)², Freddy Gallegos (email@example.com)³, Jose Albuja (firstname.lastname@example.org)⁴
¹ Escuela Politécnica Nacional - EPN; ² GengisCan S.R.L; ³ CORDICOM; ⁴ Universidad de las Fuerzas Armadas - ESPE
This paper appears in: Revista IEEE América Latina
Publication Date: May 2016
Volume: 14, Issue: 5
Using the DSR paradigm, we design and evaluate a model-type artifact for the assessment and reduction of information security risk, applicable to a Telecommunications Operator (TELCO). DSR prescribes the use of Design and Evaluation phases, as well as compliance with a set of implementation guidelines. In both phases, we take ICT Governance and Management into account by applying reference models. The Risk Assessment Method identifies critical business processes as information assets and assesses their risk by combining contents from COBIT 5, eTOM Level 2 and ISO 27011; the Risk Reduction Method defines the Guides for Risk Reduction, which contain controls selected by combining COBIT for Information Security and ISO 27011. In the Evaluation Phase, a case study in an important Ecuadorian TELCO is developed; it allows discussion of the features and implementation experiences of the developed model, as well as of the research paradigm used.
Keywords: DSR, Information Security Risk, TELCO, eTOM, COBIT 5, ISO 27011