Repositorio UFRO · Omeka S

MASISCo-Methodological Approach for the Selection of Information Security Controls

Primer Autor	Dieguez, Mauricio
Co-autores	Cares, Carlos Cachero, Cristina Hochstetter, Jorge
Título	MASISCo-Methodological Approach for the Selection of Information Security Controls
Editorial	MDPI
Revista	APPLIED SCIENCES-BASEL
Lenguaje	en
Resumen	As cyber-attacks grow worldwide, companies have begun to realize the importance of being protected against malicious actions that seek to violate their systems and access their information assets. Faced with this scenario, organizations must carry out correct and efficient management of their information security, which implies that they must adopt a proactive attitude, implementing standards that allow them to reduce the risk of computer attacks. Unfortunately, the problem is not only implementing a standard but also determining the best way to do it, defining an implementation path that considers the particular objectives and conditions of the organization and its availability of resources. This paper proposes a methodological approach for selecting and planning security controls, standardizing and systematizing the process by modeling the situation (objectives and constraints), and applying optimization techniques. The work presents an evaluation of the proposal through a methodology adoption study. This study showed a tendency of the study subjects to adopt the proposal, perceiving it as a helpful element that adapts to their way of working. The main weakness of the proposal was centered on ease of use since the modeling and resolution of the problem require advanced knowledge of optimization techniques.
Fecha Publicación	2023
Tipo de Recurso	artículo original
doi	10.3390/app13021094
Formato Recurso	PDF
Palabras Claves	information security management selection of security controls security risk security standards optimization problem operational research intention to adoption
Ubicación del archivo	http://dx.doi.org/10.3390/app13021094
Categoría OCDE	Química Ingeniería Ciencia de Materiales Física
Materias	gestión de seguridad de la información selección de controles de seguridad riesgo de seguridad estándares de seguridad problema de optimizacion investigación Operativa intención de adopción
Identificador del recurso (Mandatado-único)	artículo original
Versión del recurso (Recomendado-único)	versión publicada
License	CC BY 4.0
Condición de la licencia (Recomendado-repetible)	CC BY 4.0
Derechos de acceso	acceso abierto
Access Rights	acceso abierto
Id de Web of Science	WOS:000914363200001
Tipo de ruta	verde# dorado
Categoría WOS	Química Ingeniería Ciencia de Materiales Física