Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals

IF 3.4 3区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Antonio Santos-Olmo, Luis Enrique Sánchez, David G. Rosado, Manuel A. Serrano, Carlos Blanco, Haralambos Mouratidis, Eduardo Fernández-Medina
{"title":"Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals","authors":"Antonio Santos-Olmo, Luis Enrique Sánchez, David G. Rosado, Manuel A. Serrano, Carlos Blanco, Haralambos Mouratidis, Eduardo Fernández-Medina","doi":"10.1007/s11704-023-1582-6","DOIUrl":null,"url":null,"abstract":"<p>The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches. These are: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process.</p>","PeriodicalId":12640,"journal":{"name":"Frontiers of Computer Science","volume":"286 1","pages":""},"PeriodicalIF":3.4000,"publicationDate":"2023-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Frontiers of Computer Science","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s11704-023-1582-6","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches. These are: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process.

在系统分析现有安全框架的基础上,提出了一个综合风险分析的建议
信息社会越来越依赖风险评估和管理系统作为充分保护其关键信息资产的手段。这些系统的可用性现在对公司的保护和发展至关重要。然而,有几个因素导致越来越需要更准确的风险分析方法。它们是:技术发展的速度、它们对全球的影响,以及企业之间日益增长的合作需求。因此,风险分析过程必须适应这些新的环境和新的技术范例。因此,本文的目的是提出对科学界提供的技术和方法进行详尽分析的结果,以确定其主要弱点并提供新的风险评估和管理过程。这项分析是使用系统审查方案进行的,发现这些建议不能完全满足这些新的需求。本文还介绍了本研究组设计的风险分析和管理框架MARISMA的概况。我们的框架的基础是主要的现有风险标准和建议,它寻求解决这些建议中发现的弱点。MARISMA正处于不断改进的过程中,并被多个欧美国家的客户所应用。它包括一个风险数据管理模块,一个系统应用的方法和一个自动化过程的工具。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Frontiers of Computer Science
Frontiers of Computer Science COMPUTER SCIENCE, INFORMATION SYSTEMS-COMPUTER SCIENCE, SOFTWARE ENGINEERING
CiteScore
8.60
自引率
2.40%
发文量
799
审稿时长
6-12 weeks
期刊介绍: Frontiers of Computer Science aims to provide a forum for the publication of peer-reviewed papers to promote rapid communication and exchange between computer scientists. The journal publishes research papers and review articles in a wide range of topics, including: architecture, software, artificial intelligence, theoretical computer science, networks and communication, information systems, multimedia and graphics, information security, interdisciplinary, etc. The journal especially encourages papers from new emerging and multidisciplinary areas, as well as papers reflecting the international trends of research and development and on special topics reporting progress made by Chinese computer scientists.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信