Information security risk management model: A state of the art review
DOI:
https://doi.org/10.15381/rpcs.v2i2.17103Keywords:
Risk, risk management, information security, ISO / IEC 27001Abstract
Both public and private organizations are going through dynamic scenarios with the emergence and inrush of new information technologies, making an increasingly intensive use of information. When analyzing the processes and interrelationships of these organizations with the information resources they access, it is essential to consider the new risks to which organizations are exposed. This requires developing risk management strategies that facilitate the analysis, identification and treatment of the risks associated with information assets in order to find ways to minimize the negative impact. In this scenario, the use of risk management models that simplify and systematize these tasks are useful.
The present study includes a review of the literature referring to risk management frameworks, models and methodologies, to identify the activities, elements and components to develop for the development of a risk management model oriented to information security, which allows covering issues related to information security, cybersecurity and compliance with the particular requirements of the organization for the development of a model aligned to the needs and requirements of an organization.
Downloads
Published
Issue
Section
License
Copyright (c) 2020 Mauro Nestor Zevallos Morales
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
THE AUTHORS RETAIN THEIR RIGHTS:
(a) The authors retain their trademark and patent rights, and also over any process or procedure described in the article.
(b) The authors retain the right to share, copy, distribute, execute and publicly communicate the article published in the Revista Peruana de Computación y Sistemas (for example, place it in an institutional repository or publish it in a book), with acknowledgment of its initial publication in Revista Peruana de Computación y Sistemas.
(c) Authors retain the right to make a subsequent publication of their work, to use the article or any part of it (for example: a compilation of their work, lecture notes, thesis, or for a book), provided that they indicate the source. of publication (authors of the work, magazine, volume, number and date).
