Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals |
| |
| Authors: | Antonio SANTOS-OLMO Luis Enrique SÁNCHEZ David G. ROSADO Manuel A. SERRANO Carlos BLANCO Haralambos MOURATIDIS Eduardo FERNÁNDEZ-MEDINA |
| |
| Affiliation: | 1. GSyA Research Group, University of Castilla-La Mancha, Ciudad Real 13071, Spain2. Institute for Analytics and Data Science, University of Essex, Colchester CO4 3SQ, UK3. Alarcos Research Group, University of Castilla-La Mancha, Ciudad Real 13071, Spain4. ISTR Research group, Department of Computer Science and Electronics, University of Cantabria, Santander 39005, Spain |
| |
| Abstract: | The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches. These are: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process. |
| |
| Keywords: | information security management security system security risk assessment and management |
|
| 点击此处可从《Frontiers of Computer Science》浏览原始摘要信息 |
|
点击此处可从《Frontiers of Computer Science》下载全文 |
|
