{"title":"基于MAGERIT、OCTAVE和MEHARI方法的信息资产风险分析成熟度模型专注于航运公司","authors":"Fresia Yanina Holguín García, Lohana Mariella Lema Moreta","doi":"10.1109/CIMPS.2018.8625848","DOIUrl":null,"url":null,"abstract":"The aim of this essay is the proposal of a Maturity Model for the risk analysis of information assets in shipping companies, which provides opportunities for technological and consequently business improvement, based on the best practices of MAGERIT, OCTAVE and MEHARI methodologies. The proposed model is based on literature review about main risk concepts; for its design those defined in the Capability Maturity Model Integration (CMMI) structure were established as maturity levels; in addition, a control map was defined to guide compliance by levels to incorporate the selected best practices. The resulting model has been validated by a group of experts using the Delphi technique, in order to obtain a quantitative assessment of its applicability in the shipping companies. As a main result, it was obtained that the model involves the execution of a formalized risk analysis process and with proactive techniques for the shipping entities.","PeriodicalId":159915,"journal":{"name":"2018 7th International Conference On Software Process Improvement (CIMPS)","volume":"305 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Maturity Model for the Risk Analysis of Information Assets based on Methodologies MAGERIT, OCTAVE y MEHARI; focused on Shipping Companies\",\"authors\":\"Fresia Yanina Holguín García, Lohana Mariella Lema Moreta\",\"doi\":\"10.1109/CIMPS.2018.8625848\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The aim of this essay is the proposal of a Maturity Model for the risk analysis of information assets in shipping companies, which provides opportunities for technological and consequently business improvement, based on the best practices of MAGERIT, OCTAVE and MEHARI methodologies. The proposed model is based on literature review about main risk concepts; for its design those defined in the Capability Maturity Model Integration (CMMI) structure were established as maturity levels; in addition, a control map was defined to guide compliance by levels to incorporate the selected best practices. The resulting model has been validated by a group of experts using the Delphi technique, in order to obtain a quantitative assessment of its applicability in the shipping companies. As a main result, it was obtained that the model involves the execution of a formalized risk analysis process and with proactive techniques for the shipping entities.\",\"PeriodicalId\":159915,\"journal\":{\"name\":\"2018 7th International Conference On Software Process Improvement (CIMPS)\",\"volume\":\"305 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 7th International Conference On Software Process Improvement (CIMPS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CIMPS.2018.8625848\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 7th International Conference On Software Process Improvement (CIMPS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIMPS.2018.8625848","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Maturity Model for the Risk Analysis of Information Assets based on Methodologies MAGERIT, OCTAVE y MEHARI; focused on Shipping Companies
The aim of this essay is the proposal of a Maturity Model for the risk analysis of information assets in shipping companies, which provides opportunities for technological and consequently business improvement, based on the best practices of MAGERIT, OCTAVE and MEHARI methodologies. The proposed model is based on literature review about main risk concepts; for its design those defined in the Capability Maturity Model Integration (CMMI) structure were established as maturity levels; in addition, a control map was defined to guide compliance by levels to incorporate the selected best practices. The resulting model has been validated by a group of experts using the Delphi technique, in order to obtain a quantitative assessment of its applicability in the shipping companies. As a main result, it was obtained that the model involves the execution of a formalized risk analysis process and with proactive techniques for the shipping entities.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
