Return to search

Information security risk management model for mitigating the impact on SMEs in Peru

El texto completo de este trabajo no está disponible en el Repositorio Académico UPC por restricciones de la casa editorial donde ha sido publicado. / This paper proposes an information security risk management model that allows mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: 1. Inventory the information assets of the company, to conduct the risk analysis of each one; 2. Evaluate treatment that should be given to each risk, 3. Once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the creation of a model that integrates a standard of risk management across the company with a standard of IS indicators to validate compliance, adding as a contribution the results of implementation in a specific environment. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk, after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment. / Revisión por pares

Identiferoai:union.ndltd.org:PERUUPC/oai:repositorioacademico.upc.edu.pe:10757/656577
Date01 June 2020
CreatorsGaray, Daniel Felipe Carnero, Marcos Antonio, Carbajal Ramos, Armas-Aguirre, Jimmy, Molina, Juan Manuel Madrid
PublisherIEEE Computer Society
Source SetsUniversidad Peruana de Ciencias Aplicadas (UPC)
LanguageEnglish
Detected LanguageEnglish
Typeinfo:eu-repo/semantics/article, info:eu-repo/semantics/article
Formatapplication/html
SourceRepositorio Academico - UPC, Universidad Peruana de Ciencias Aplicadas (UPC), Iberian Conference on Information Systems and Technologies, CISTI, 2020-June
Rightsinfo:eu-repo/semantics/embargoedAccess
Relationhttps://ieeexplore.ieee.org/document/9140980

Page generated in 0.0022 seconds