scholarly journals ESTUDIO COMPARATIVO ENTRE LAS METODOLOGÍAS CRAMM Y MAGERIT PARA LA GESTIÓN DE RIESGO DE TI EN LAS MPYMES

UDA AKADEM ◽  
2018 ◽  
pp. 38-47
Author(s):  
Esteban Crespo-Martínez ◽  
Geovanna Cordero-Torres
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Risk Analysis ◽  
Reference Frames ◽  
Security Risk ◽  
Project Proposal ◽  
Palabras Clave ◽  
Security Risk Management ◽  
Iso 27001 ◽  
Risk Analysis And Management

Lograr el objetivo de proponer una metodología de seguridad de la información para la gestión del riesgoinformático, aplicable al entorno empresarial y organizacional, del sector MPYME ecuatoriano, requiere del análisis de las metodologías Magerit y CRAMM (CCTA Risk Analysis and Management Method), las mismas que son internacionalmente utilizadas en la gestión del riesgo de información; contemplando los marcos de referencia que contienen las mejores prácticas de la industria: ISO 27001, 27002, 27005 y 31000.Palabras clave: riesgos, gestión, Magerit, CRAMM, tecnologías de información, TI, seguridad, información, SGSI.AbstractThis paper aims to study the CRAMM (CCTA Risk Analysis and Manage ment Method) and Magerit methodologies used in information risk management. It contemplates international reference frames that contain the best practices in the industry: ISO 27001, 27002, 27005 and 31000.This research is part of a project proposal of “Methodology for information security risk management, applicable to MSMEs” applicable to the Ecuadorian environment. Keywords: Risk, Management, Magerit, CRAMM, Information Technology, IT, Information Security, ISMS.  

Research on Method of Information System Information Security Risk Management

2014 ◽  
Vol 926-930 ◽  
pp. 4105-4109
Author(s):  
Xiao Li Cao
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Systems ◽  
Information Security ◽  
Risk Analysis ◽  
Management Approach ◽  
Security Risk ◽  
System Risk ◽  
Information Security Risk ◽  
Security Risk Management

With the popularity of the Internet and global information continues to advance organizational information systems have become an important strategic resource for the survival of the importance of information security to protect its widespread concern. Once the information security organization information system is destroyed, the Organization for Security attribute information would cause tremendous impact the organization's business operation, the losses include not only economic, but also likely to organize image, reputation is a strategic competitive advantage even fatal injuries. However, the existing information systems of information security risk management approach to information system risk analysis and assessment with specific organizational environment and business background with fragmentation, lack of risk analysis and description of the formation process, carried only consider "technical" factors security decisions, lack of full expression to achieve the desired goal of a number of decisions on organizational decision-making. Therefore, the information system to carry information security risk management is essential.

scholarly journals Methodology and algorithm of information security risk management for local infrastructure

2018 ◽  
Vol 325 ◽  
pp. 399-410
Author(s):  
Bulai Rodica ◽  
Ciorbă Dumitru ◽  
Poştaru Andrei ◽  
Rostislav Călin
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Risk Analysis ◽  
Management Practices ◽  
Security Requirements ◽  
Security Risk ◽  
Information Management Systems ◽  
Efficient Information ◽  
Information Security Risk ◽  
Security Risk Management

The complexity of information security does not resume to mere technicality, transferring significant liability to proper management. Risk analysis in information security is a powerful tool that comes in handy for managers in making decisions about the implementation of efficient information management systems, in order to achieve the organization's mission. As a part of risk management, risk analysis is the systematic implementation of methods, techniques and management practices to assess the context, identify, analyze, evaluate, treat, monitor and communicate the risks for the information security and systems through which they are processed, stored or transmitted. The ISO/IEC 27005:2011 – Information security risk management, does not specify any particular method for managing the risks associated with information security, but a general approach. It is up to the organization to devise control objectives that would reflect specific approaches to risk management and the degree of assurance required. There are several models, methodologies and tools amongst which those like CRAMM (United Kingdom, Insight Consulting), Risicare/Mehari (France, Clusif), GSTool (Germany, ITGrundschutz). The theoretical model of the mentioned methodologies is hard to put in practice without experience required from the members of the risk analysis team. Using the appropriate risk assessment solution, an organization can devise its own security requirements.

scholarly journals EVALUATION OF INFORMATION SECURITY RISK MANAGEMENT USING COBIT 5 SUBDOMAIN EDM03 (ENSURE RISK OPTIMIZATION)

2018 ◽  
Vol 2 (1) ◽  
pp. 12-21
Author(s):  
Fransisca Tiarawati Riadi ◽  
Augie David Manuputty ◽  
Alhadi Saputra
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Security Risk ◽  
Risk Optimization ◽  
Iso 31000 ◽  
Information Security Risk ◽  
Level 1 ◽  
Security Risk Management

Pentingnya penggunaan Teknologi Informasi (TI) tidak bisa dipisahkan dari risiko-risiko yang akan mungkin terjadi. Satuan organisasi XYZ sendiri telah menerapkan manajemen risiko keamanan informasi menggunakan standar ISO 31000:2009 untuk meminimalisir risiko-risiko tersebut. Penerapan manajemen risiko keamanan informasi dilakukan agar satuan organisasi XYZ dapat mengetahui optimasi risiko yang dikelola satuan organisasi XYZ sudah berjalan dengan baik dan memberikan dampak yang signifikan. Sehingga satuan organsasi XYZ perlu melakukan evaluasi untuk mengetahui tingkat kapabilitas dalam memastikan optimasi risiko yang telah dilaksanakan satuan organisasi terhadap layanan TI. Framework COBIT 5 digunakan untuk melakukan evaluasi manajemen risiko keamanan informasi dengan melakukan pengukuran tingkat kapabilitas yang memfokuskan pada subdomain EDM03 (Ensure Risk Optimisation). Hasil penelitian ini pada subdomain EDM03 memiliki tingkat kapabilitas pada level 1 performed process kategori largely achieved dengan nilai 78,29%. Pada level ini proses yang diimplementasikan organisasi mencapai tujuan prosesnya. Manfaat penelitian ini bagi satuan organisasi XYZ dapat membantu manajemen risiko keamanan informasi dan pengimplementasi framework ISO 31000 mencapai nilai optimal dalam mendukung layanan TIK di Lembaga ABC.

Sign in / Sign up

Export Citation Format

Share Document