DSR Approach to Assessment and Reduction of Information Security Risk in TELCO
Abstract:
Using the DSR paradigm, we design and evaluate a model-type artifact for assessing and reducing information security risk, applicable to telecommunications operators (TELCO). DSR prescribes Design and Evaluation phases, as well as a set of implementation guidelines. Within these phases, we draw on ICT governance and management considerations by applying reference models. The Risk Assessment Method identifies important business processes, defines those that must be adopted as information assets, and assesses their risk by combining content from COBIT 5, eTOM Level 2 and ISO 27011. The Risk Reduction Method defines the Guides for Risk Reduction, which contain controls selected by combining COBIT for Information Security and ISO 27011. In the Evaluation Phase, a case study was carried out at an important Ecuadorian TELCO, and the features and implementation experiences of the developed model, as well as of the research paradigm used, were discussed. This paper thus contributes a practical tool for information security professionals and expands the body of knowledge on its application in TELCO.
Publication year:
2016
Keywords:
- ISO 27011
- TELCO
- COBIT 5
- ETOM
- DSR
- information security risk
Source:

Document type:
Article
Status:
Restricted access
Knowledge areas:
- Computer science
- Risk management
Subject areas:
- Computer science