MASISCo-Methodological Approach for the Selection of Information Security Controls
| Primer Autor |
Dieguez, Mauricio
|
| Co-autores |
Cares, Carlos
Cachero, Cristina
Hochstetter, Jorge
|
| Título |
MASISCo-Methodological Approach for the Selection of Information Security Controls
|
| Editorial |
MDPI
|
| Revista |
APPLIED SCIENCES-BASEL
|
| Lenguaje |
en
|
| Resumen |
As cyber-attacks grow worldwide, companies have begun to realize the importance of being protected against malicious actions that seek to violate their systems and access their information assets. Faced with this scenario, organizations must carry out correct and efficient management of their information security, which implies that they must adopt a proactive attitude, implementing standards that allow them to reduce the risk of computer attacks. Unfortunately, the problem is not only implementing a standard but also determining the best way to do it, defining an implementation path that considers the particular objectives and conditions of the organization and its availability of resources. This paper proposes a methodological approach for selecting and planning security controls, standardizing and systematizing the process by modeling the situation (objectives and constraints), and applying optimization techniques. The work presents an evaluation of the proposal through a methodology adoption study. This study showed a tendency of the study subjects to adopt the proposal, perceiving it as a helpful element that adapts to their way of working. The main weakness of the proposal was centered on ease of use since the modeling and resolution of the problem require advanced knowledge of optimization techniques.
|
| Fecha Publicación |
2023
|
| Tipo de Recurso |
artículo original
|
| doi |
10.3390/app13021094
|
| Formato Recurso |
PDF
|
| Palabras Claves |
information security management
selection of security controls
security risk
security standards
optimization problem
operational research
intention to adoption
|
| Ubicación del archivo | |
| Categoría OCDE |
Química
Ingeniería
Ciencia de Materiales
Física
|
| Materias |
gestión de seguridad de la información
selección de controles de seguridad
riesgo de seguridad
estándares de seguridad
problema de optimizacion
investigación Operativa
intención de adopción
|
| Identificador del recurso (Mandatado-único) |
artículo original
|
| Versión del recurso (Recomendado-único) |
versión publicada
|
| License |
CC BY 4.0
|
| Condición de la licencia (Recomendado-repetible) |
CC BY 4.0
|
| Derechos de acceso |
acceso abierto
|
| Access Rights |
acceso abierto
|
| Id de Web of Science |
WOS:000914363200001
|
| Tipo de ruta |
verde# dorado
|
| Categoría WOS |
Química
Ingeniería
Ciencia de Materiales
Física
|
cienciaabierta.ufro.cl
ciencia.abierta@ufrontera.cl