TY - JOUR AU - Crespo Martínez, Esteban PY - 2017/02/16 Y2 - 2024/03/29 TI - ECU@Risk, a methodology for risk management applied to MSMEs JF - Enfoque UTE JA - Enfoque UTE VL - 8 IS - 1 SE - DO - 10.29019/enfoqueute.v8n1.140 UR - https://ingenieria.ute.edu.ec/enfoqueute/index.php/revista/article/view/140 SP - pp. 107 - 121 AB - <p>Information is the most valuable element for any organization or person in this new century, which, for many companies, is a competitive advantage asset (Vásquez &amp; Gabalán, 2015). However, despite the lack of knowledge about how to protect it properly or the complexity of international standards that indicate procedures to achieve an adequate level of protection, many organizations, especially the MSMEs sector, fails to achieve this goal.Therefore, this study proposes a methodology for information security risk management, which is applicable to the business and organizational environment of the Ecuadorian MSME sector. For this purpose, we analyze several methodologies as Magerit, CRAMM (CCTA Risk Analysis and Management Method), OCTAVE-S, Microsoft Risk Guide, COBIT 5 COSO III. These methodologies are internationally used in risk management of information; in the light of the frameworks of the industry: ISO 27001, 27002, 27005 and 31000.</p> ER -