Gestión del riesgo en la seguridad de la información con base en la Norma ISO/IEC 27005 de 2011, proponiendo una adaptación de la Metodología OCTAVE-S. Caso de estudio: proceso de inscripciones y admisiones en la división de admisión registro y control AC
This paper presents the application of OCTAVE-s methodology for the analysis and risk management in information security adapted to Inscription and Admission Process at the Division of Admission, Registering and Academic Control (DARCA) at the University of Cauca; following the guidelines of ISO / I...
- Autores:
-
Espinosa, Diego
Martínez, Juan
Amador, Siler
- Tipo de recurso:
- Fecha de publicación:
- 2014
- Institución:
- Universidad de San Buenaventura
- Repositorio:
- Repositorio USB
- Idioma:
- spa
- OAI Identifier:
- oai:bibliotecadigital.usb.edu.co:10819/6565
- Acceso en línea:
- http://hdl.handle.net/10819/6565
- Palabra clave:
- Activo
Amenaza
Impacto
ISO/IEC 27005
Metodología de las Elipses
Metodología Octave-s
Riesgo
Seguridad de la información
Asset
Threat
Effect
Ellipse Method
Octave-s Methodology
Risk
Information Security
Administración de riesgo
Seguridad informática
- Rights
- License
- Atribución-NoComercial-SinDerivadas 2.5 Colombia
Summary: | This paper presents the application of OCTAVE-s methodology for the analysis and risk management in information security adapted to Inscription and Admission Process at the Division of Admission, Registering and Academic Control (DARCA) at the University of Cauca; following the guidelines of ISO / IEC 27005: 2011 standard. Additionally the structure of the process is included, and the method chosen as a case study for implementing risk treatment. Finally, the obtained results and conclusions of risk management with the adapted methodology are presented. |
---|