MASISCo—Methodological Approach for the Selection of Information Security Controls
Por favor, use este identificador para citar o enlazar este ítem:
http://hdl.handle.net/10045/131086
Título: | MASISCo—Methodological Approach for the Selection of Information Security Controls |
---|---|
Autor/es: | Diéguez Rebolledo, Mauricio | Cares Gallardo, Carlos | Cachero, Cristina | Hochstetter Diez, Jorge Alberto |
Grupo/s de investigación o GITE: | Advanced deveLopment and empIrical research on Software (ALISoft) |
Centro, Departamento o Servicio: | Universidad de Alicante. Departamento de Lenguajes y Sistemas Informáticos |
Palabras clave: | Information security management | Selection of security controls | Security risk | Security standards | Optimization problem | Operational research | Intention to adoption |
Fecha de publicación: | 13-ene-2023 |
Editor: | MDPI |
Cita bibliográfica: | Diéguez M, Cares C, Cachero C, Hochstetter J. MASISCo—Methodological Approach for the Selection of Information Security Controls. Applied Sciences. 2023; 13(2):1094. https://doi.org/10.3390/app13021094 |
Resumen: | As cyber-attacks grow worldwide, companies have begun to realize the importance of being protected against malicious actions that seek to violate their systems and access their information assets. Faced with this scenario, organizations must carry out correct and efficient management of their information security, which implies that they must adopt a proactive attitude, implementing standards that allow them to reduce the risk of computer attacks. Unfortunately, the problem is not only implementing a standard but also determining the best way to do it, defining an implementation path that considers the particular objectives and conditions of the organization and its availability of resources. This paper proposes a methodological approach for selecting and planning security controls, standardizing and systematizing the process by modeling the situation (objectives and constraints), and applying optimization techniques. The work presents an evaluation of the proposal through a methodology adoption study. This study showed a tendency of the study subjects to adopt the proposal, perceiving it as a helpful element that adapts to their way of working. The main weakness of the proposal was centered on ease of use since the modeling and resolution of the problem require advanced knowledge of optimization techniques. |
Patrocinador/es: | This research was funded by Universidad de La Frontera, research direction, research project DIUFRO DI22-0043. |
URI: | http://hdl.handle.net/10045/131086 |
ISSN: | 2076-3417 |
DOI: | 10.3390/app13021094 |
Idioma: | eng |
Tipo: | info:eu-repo/semantics/article |
Derechos: | © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
Revisión científica: | si |
Versión del editor: | https://doi.org/10.3390/app13021094 |
Aparece en las colecciones: | INV - ALISoft - Artículos de Revistas |
Archivos en este ítem:
Archivo | Descripción | Tamaño | Formato | |
---|---|---|---|---|
Dieguez_etal_2023_ApplSci.pdf | 1,3 MB | Adobe PDF | Abrir Vista previa | |
Este ítem está licenciado bajo Licencia Creative Commons