Maturity Model for the Risk Analysis of Information Assets based on Methodologies MAGERIT, OCTAVE y MEHARI; focused on Shipping Companies

Abstract

The aim of this essay is the proposal of a Maturity Model for the risk analysis of information assets in shipping companies, which provides opportunities for technological and consequently business improvement, based on the best practices of MAGERIT, OCTAVE and MEHARI methodologies. The proposed model is based on literature review about main risk concepts; for its design those defined in the Capability Maturity Model Integration (CMMI) structure were established as maturity levels; in addition, a control map was defined to guide compliance by levels to incorporate the selected best practices. The resulting model has been validated by a group of experts using the Delphi technique, in order to obtain a quantitative assessment of its applicability in the shipping companies. As a main result, it was obtained that the model involves the execution of a formalized risk analysis process and with proactive techniques for the shipping entities.