Gestión del riesgo en la seguridad de la información con base en la Norma ISO/IEC 27005 de 2011, proponiendo una adaptación de la Metodología OCTAVE-S. Caso de estudio: proceso de inscripciones y admisiones en la división de admisión registro y control AC

This paper presents the application of OCTAVE-s methodology for the analysis and risk management in information security adapted to Inscription and Admission Process at the Division of Admission, Registering and Academic Control (DARCA) at the University of Cauca; following the guidelines of ISO / I...

Full description

Autores:
Espinosa, Diego
Martínez, Juan
Amador, Siler
Tipo de recurso:
Fecha de publicación:
2014
Institución:
Universidad de San Buenaventura
Repositorio:
Repositorio USB
Idioma:
spa
OAI Identifier:
oai:bibliotecadigital.usb.edu.co:10819/6565
Acceso en línea:
http://hdl.handle.net/10819/6565
Palabra clave:
Activo
Amenaza
Impacto
ISO/IEC 27005
Metodología de las Elipses
Metodología Octave-s
Riesgo
Seguridad de la información
Asset
Threat
Effect
Ellipse Method
Octave-s Methodology
Risk
Information Security
Administración de riesgo
Seguridad informática
Rights
License
Atribución-NoComercial-SinDerivadas 2.5 Colombia
Description
Summary:This paper presents the application of OCTAVE-s methodology for the analysis and risk management in information security adapted to Inscription and Admission Process at the Division of Admission, Registering and Academic Control (DARCA) at the University of Cauca; following the guidelines of ISO / IEC 27005: 2011 standard. Additionally the structure of the process is included, and the method chosen as a case study for implementing risk treatment. Finally, the obtained results and conclusions of risk management with the adapted methodology are presented.