ICT Risk Management Methodology Proposal for Governmental Entities Based on ISO/IEC 27005
Abstract:
Public entities around the world are adapting and adopting international standards to improve their internal processes, and Ecuador is no exception. The National Secretariat of Public Administration decided to implement the standard ISO/IEC 27001:2005 in order to respond to the continuous attacks and computer crimes presented in different public institutions of Ecuador. Even though the mentioned standard provides many benefits, it only establishes guidelines for risk management in information security, but not a step-by-step guide on how to carry out risk analysis and evaluation. Due to this situation, the present paper proposes a practical guide for the management of ICT risks presented in governmental entities compliant with ISO/IEC 27005 to improve the management of information security. This work also shares a practical and real case study of the proposed methodology to show its benefits and applicability.
Year of publication:
2018
Keywords:
- ISO/IEC 27001
- information security
- technology risk management
- Risk management
Source:
Scopus
Document type:
Conference Object
Status:
Restricted access
Knowledge areas:
- Computer science
- Public administration
Dewey subject areas:
- Political science (Politics and government)
- Computer programming, programs, data, security
- Public administration and military science
Sustainable Development Goals:
- SDG 16: Peace, justice and strong institutions
- SDG 17: Partnerships for the goals
- SDG 9: Industry, innovation and infrastructure