Chris García-Porras, Sarita Huamani-Pastor, Jimmy Armas-Aguirre
{"title":"秘鲁中小企业信息安全风险管理模式","authors":"Chris García-Porras, Sarita Huamani-Pastor, Jimmy Armas-Aguirre","doi":"10.1109/SHIRCON.2018.8592994","DOIUrl":null,"url":null,"abstract":"In this paper, we propose a risk management model of information security for Peruvian SMEs, taking as reference the OCTAVE-S methodology and the ISO / IEC 27005 standard. The model consists of the 3 phases of OCTAVE-S (Construction of the threats profile, Identification of infrastructure vulnerabilities, and Strategies and security plans). This model contains the contemplated lists of ISO / IEC 27005, it also contains the calculation and the risk treatment of this standard. Likewise, the model adopts a quantitative approach that allows calculating the residual risk, for example, the most critical asset identified obtained 216 of risk value and the residual risk obtained was 109 of risk value, this is obtained on the basis of the effectiveness of the controls that are part of the proposed model, for example, formalize procedures and policies and their occasional review. This model provides guidelines for information security risks for companies. It was implemented in the sales process of a Peruvian SME of the ceramic sector, proving to be easy to use and it was possible to identify the necessary controls to reduce the risk, whose implementation reduces the risk by 53%.","PeriodicalId":408525,"journal":{"name":"2018 IEEE Sciences and Humanities International Research Conference (SHIRCON)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Information Security Risk Management Model for Peruvian SMEs\",\"authors\":\"Chris García-Porras, Sarita Huamani-Pastor, Jimmy Armas-Aguirre\",\"doi\":\"10.1109/SHIRCON.2018.8592994\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we propose a risk management model of information security for Peruvian SMEs, taking as reference the OCTAVE-S methodology and the ISO / IEC 27005 standard. The model consists of the 3 phases of OCTAVE-S (Construction of the threats profile, Identification of infrastructure vulnerabilities, and Strategies and security plans). This model contains the contemplated lists of ISO / IEC 27005, it also contains the calculation and the risk treatment of this standard. Likewise, the model adopts a quantitative approach that allows calculating the residual risk, for example, the most critical asset identified obtained 216 of risk value and the residual risk obtained was 109 of risk value, this is obtained on the basis of the effectiveness of the controls that are part of the proposed model, for example, formalize procedures and policies and their occasional review. This model provides guidelines for information security risks for companies. It was implemented in the sales process of a Peruvian SME of the ceramic sector, proving to be easy to use and it was possible to identify the necessary controls to reduce the risk, whose implementation reduces the risk by 53%.\",\"PeriodicalId\":408525,\"journal\":{\"name\":\"2018 IEEE Sciences and Humanities International Research Conference (SHIRCON)\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE Sciences and Humanities International Research Conference (SHIRCON)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SHIRCON.2018.8592994\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE Sciences and Humanities International Research Conference (SHIRCON)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SHIRCON.2018.8592994","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Information Security Risk Management Model for Peruvian SMEs
In this paper, we propose a risk management model of information security for Peruvian SMEs, taking as reference the OCTAVE-S methodology and the ISO / IEC 27005 standard. The model consists of the 3 phases of OCTAVE-S (Construction of the threats profile, Identification of infrastructure vulnerabilities, and Strategies and security plans). This model contains the contemplated lists of ISO / IEC 27005, it also contains the calculation and the risk treatment of this standard. Likewise, the model adopts a quantitative approach that allows calculating the residual risk, for example, the most critical asset identified obtained 216 of risk value and the residual risk obtained was 109 of risk value, this is obtained on the basis of the effectiveness of the controls that are part of the proposed model, for example, formalize procedures and policies and their occasional review. This model provides guidelines for information security risks for companies. It was implemented in the sales process of a Peruvian SME of the ceramic sector, proving to be easy to use and it was possible to identify the necessary controls to reduce the risk, whose implementation reduces the risk by 53%.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
