El Risk analysis on the information security

Authors

  • Manuel Mujica Universidad Nacional Experimental Politécnica Antonio José de Sucre, Venezuela
  • Yenny Alvarez Universidad Pedagógica Experimental Libertador, Venezuela

Keywords:

Information Security, risk analysis, vulnerabilities, threats

Abstract

The purpose of this paper is to provide a set of conceptual reflections on information security, and specifically on risk analysis and its importance in organizations. The most important and most affected resource in any organization, public or private, large or small, is the information collected, processed, stored and made available to users on computers and transmitted over networks. Every organization must therefore be alert and learn to implement security systems based on a risk analysis in order to prevent or mitigate unintended consequences, because risk is measurable. Risk analysis is a process that identifies the threats and vulnerabilities of an organization with the goal of creating controls that mitigate or minimize the effects of risks; it involves determining which assets to protect, from what or from whom they have to be protected, and how to do it. Risk analysis should be carried out continuously, since it is necessary to assess regularly whether the identified risks and the previously calculated exposure to them are still valid, and it is of vital importance because it can make it possible to identify future impacts on the risk structure of the organization. Internationally there is a standard, ISO 27005:2008, published in June of 2008, which establishes criteria for information security risk management and provides a standardized framework that guides each organization in defining its own methodology. This standard supports ISO 27001:2005, which provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS).

Author Biographies

Manuel Mujica, Universidad Nacional Experimental Politécnica Antonio José de Sucre, Venezuela

Departamento de Redes UNEXPO, Universidad Nacional Experimental Politécnica “Antonio José de Sucre”,
Barquisimeto, Lara 3001

Yenny Alvarez, Universidad Pedagógica Experimental Libertador, Venezuela

UPEL-IPB, Barquisimeto, Venezuela

Published

2009-07-10

How to Cite

[1]
M. Mujica and Y. Alvarez, “El Risk analysis on the information security”, Publ.Cienc.Tecnol, vol. 4, no. 2, pp. 33-37, Jul. 2009.

Section

Technical Report