Valoracion y Reduccion de Riesgos de Seguridad de la Informacion en TELCO, con el uso de DSR (DSR Approach to Assessment and Reduction of Information Security Risk in TELCO)

Carlos Montenegro (carlos.montenegro@epn.edu.ec) [1], Mario Murillo (mario@gengiscan.com) [2], Freddy Gallegos (freddy.gallegos@cordicom.gob.ec) [3], Jose Albuja (jnalbuja@espe.edu.ec) [4]

[1] Escuela Politécnica Nacional - EPN
[2] GengisCan S.R.L
[3] CORDICOM
[4] Universidad de las Fuerzas Armadas - ESPE

This paper appears in: Revista IEEE América Latina

Publication Date: May 2016
Volume: 14,   Issue: 5 
ISSN: 1548-0992


Abstract:
Using the DSR paradigm, we design and evaluate a model-type artifact for the assessment and reduction of information security risk, applicable to a telecommunications operator (TELCO). DSR prescribes the use of the Design and Evaluation phases, as well as compliance with a set of implementation guidelines. In these phases, we take ICT Governance and Management considerations into account by applying reference models. Thus, the Risk Assessment Method identifies critical business processes as information assets and assesses their risk by combining content from COBIT 5, eTOM Level 2 and ISO 27011; the Risk Reduction Method defines the Guides for Risk Reduction, which contain controls selected by combining COBIT for Information Security and ISO 27011. In the Evaluation Phase, a case study at an important Ecuadorian TELCO is developed; it allows discussion of the features and implementation experiences of the developed model, as well as of the research paradigm used.

Index Terms:
DSR, Information Security Risk, TELCO, eTOM, COBIT 5, ISO 27011   

