Metodología para Análisis y Gestión de Riesgos Dinámicos basados en ISO27001 (Methodology for Dynamic Analysis and Risk Management on ISO27001)

Antonio Sántos Olmo Parra (asolmo@sicaman-nt.com)1, Luis Enrique Sánchez Crespo (luisenrique@sanchezcrespo.org)4, Esther Álvarez (Ealvarez@in-nova.org)2, Monica Huerta (mhuerta@ieee.org)3, Eduardo Fernandez Medina Paton (Eduardo.FdezMedina@uclm.es)4


1Sicaman Nuevas Tecnologías, Dpto. I+D+i
2Fundación In-Nova
3Universidad Politécnica Salesiana, Proyecto Prometeo de la SENESCYT
4Grupo de Investigación GSyA, Universidad de Castilla-la Mancha

This paper appears in: Revista IEEE América Latina

Publication Date: June 2016
Volume: 14, Issue: 6
ISSN: 1548-0992


Abstract:
The information society is increasingly dependent on Information Systems Security Management (ISMS) and on knowledge of the security risks associated with the value of its assets. However, very few risk analysis methodologies have been designed to produce systems that analyze risks quickly and economically and that can then be updated dynamically. This paper presents a new methodology, called MARISMA, aimed at carrying out a simplified and dynamic risk analysis that is valid for all companies, including SMEs, and at providing solutions to the problems identified during the application of the scientific method "Action Research". This methodology is being applied directly to real cases, thus achieving a constant improvement of its processes.

Index Terms:
Cybersecurity, Information Systems Security Management, ISMS, Risk Analysis, SME, ISO27001, ISO27002, ISO27005, Magerit

