Risk analysis on information security
Keywords:
Information Security, risk analysis, vulnerabilities, threats
Abstract
The purpose of this paper is to provide a set of conceptual reflections on information security, specifically on risk analysis and its importance in organizations. The most important and most affected resource in any organization, public or private, large or small, is the information that is collected, processed, stored and made available to users on computers and transmitted over networks. Every organization must therefore stay alert and learn to implement security systems based on a risk analysis in order to prevent or mitigate unintended consequences, because risk is measurable. Risk analysis is a process that identifies the threats to and vulnerabilities of an organization with the goal of creating controls that mitigate or minimize the effects of risks; it involves determining which assets to protect, from what or from whom they must be protected, and how to do it. Risk analysis should be carried out continuously, since it is necessary to assess regularly whether the risks identified and the exposure calculated earlier are still valid; this is vitally important because it can make it possible to identify future impacts on the organization's risk structure. Internationally there is a standard, ISO 27005:2008, published in June of 2008, which establishes criteria for information security risk management and provides a standardized framework that guides each organization in defining its own methodology. This standard supports ISO 27001:2005, which provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS).
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)
The opinions expressed by the authors do not necessarily reflect the position of the publisher of the publication or of UCLA. The total or partial reproduction of the texts published here is authorized, as long as the complete source and the electronic address of this journal are cited.
The authors fully retain the rights to their works, giving the journal the right to be the first publication where the article is presented. The authors have the right to use their articles for any purpose as long as it is non-profit. Authors are recommended to disseminate the final version of their articles, after publication in this journal, in the electronic media of the institutions to which they are affiliated or in personal digital media.