Santos-Olmo, Antonio and Sánchez, Luis Enrique and Rosado, David G and Serrano, Manuel A and Blanco, Carlos and Mouratidis, Haralambos and Fernández-Medina, Eduardo (2024) Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals. Frontiers of Computer Science, 18 (3). DOI https://doi.org/10.1007/s11704-023-1582-6
Santos-Olmo, Antonio and Sánchez, Luis Enrique and Rosado, David G and Serrano, Manuel A and Blanco, Carlos and Mouratidis, Haralambos and Fernández-Medina, Eduardo (2024) Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals. Frontiers of Computer Science, 18 (3). DOI https://doi.org/10.1007/s11704-023-1582-6
Santos-Olmo, Antonio and Sánchez, Luis Enrique and Rosado, David G and Serrano, Manuel A and Blanco, Carlos and Mouratidis, Haralambos and Fernández-Medina, Eduardo (2024) Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals. Frontiers of Computer Science, 18 (3). DOI https://doi.org/10.1007/s11704-023-1582-6
Abstract
The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches. These are: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | information security management; security system; security risk assessment and management |
Divisions: | Faculty of Science and Health Faculty of Science and Health > Computer Science and Electronic Engineering, School of |
SWORD Depositor: | Unnamed user with email elements@essex.ac.uk |
Depositing User: | Unnamed user with email elements@essex.ac.uk |
Date Deposited: | 03 May 2024 14:59 |
Last Modified: | 03 May 2024 14:59 |
URI: | http://repository.essex.ac.uk/id/eprint/37519 |
Available files
Filename: s11704-023-1582-6.pdf
Licence: Creative Commons: Attribution 4.0