ECU@Risk, a methodology for risk management applied to MSMEs
DOI:
https://doi.org/10.29019/enfoqueute.v8n1.140
Keywords:
Risk, management, ECU@Risk, Information Security
Abstract
Information is the most valuable element for any organization or person in this new century, and for many companies it is a source of competitive advantage (Vásquez & Gabalán, 2015). However, owing to a lack of knowledge about how to protect it properly, or to the complexity of the international standards that set out procedures for achieving an adequate level of protection, many organizations, especially in the MSME sector, fail to achieve this goal. Therefore, this study proposes a methodology for information security risk management that is applicable to the business and organizational environment of the Ecuadorian MSME sector. For this purpose, we analyze several methodologies, such as Magerit, CRAMM (CCTA Risk Analysis and Management Method), OCTAVE-S, Microsoft Risk Guide, COBIT 5 and COSO III. These methodologies are used internationally in information risk management, and are analyzed in light of the industry frameworks ISO 27001, 27002, 27005 and 31000.
References
Calderón, D., Estrella, M., & Flores, M. (2011). Sistema de Gestión de Seguridad de la Información aplicada al área de recursos humanos de la empresa DECEVALE S.A. Guayaquil: Universidad Politécnica Salesiana.
Crespo, E. (2016). Metodología de Seguridad de la Información para la gestión del Riesgo Informático aplicable a MPYMES. Universidad de Cuenca, Cuenca.
Delgado, J. A. (2014). Ciberseguridad en Gobernanza de Internet en Ecuador: Infraestructura y acceso. Encuentro Nacional de Gobernanza de Internet, Quito, Ecuador. Quito.
García Falconí, J. (2011, February 7). Revista judicial. Retrieved from derechoecuador.com: http://www.derechoecuador.com/articulos/detalle/archive/doctrinas/derechoinformatico/2011/02/07/la-proteccion-de-datos-personales
Gómez, Á. (2011). Enciclopedia de la seguridad informática. México: Alfa-Omega.
ISACA. (2012). Un Marco de Negocio para el Gobierno y la Gestión de las TI de la Empresa. Madrid: ISACA® Framework. doi:978-1-60420-282-3
Minchala, P. (2016). Estudio comparativo de las metodologías COBIT 5 y COSO III para la gestión del riesgo de TI. Universidad del Azuay, Cuenca, Ecuador.
Muñoz, D. C. (2012, February 24). dspace. Retrieved from space: http://dspace.ups.edu.ec/bitstream/123456789/1442/5/Capitulo%202.pdf
Superintendencia de Bancos y Seguros. (2011). Gestión integral y control de riesgos. In Normas generales para las instituciones del sistema de seguros privados (pp. 95-107). Quito: Superintendencia de Bancos y Seguros.
Vásquez, F., & Gabalán, J. (2015). Información y ventaja competitiva. Coexistencia exitosa en las organizaciones de vanguardia. In El profesional de la información (pp. 149-156). Ebsco.
Vásquez, S., & López, D. (2016, March 14). Estudio comparativo entre las metodologías Microsoft Secure Risk Management y Octave. Cuenca, Azuay, Ecuador.
License
The articles and research published by the UTE University are carried out under the Open Access regime in electronic format. This means that all content is freely available without charge to the user or his/her institution. Users are allowed to read, download, copy, distribute, print, search, or link to the full texts of the articles, or use them for any other lawful purpose, without asking prior permission from the publisher or the author. This is in accordance with the BOAI definition of open access. By submitting an article to any of the scientific journals of the UTE University, the author or authors accept these conditions.
The UTE applies the Creative Commons Attribution (CC-BY) license to articles in its scientific journals. Under this open access license, as an author you agree that anyone may reuse your article in whole or in part for any purpose, free of charge, including commercial purposes. Anyone can copy, distribute or reuse the content as long as the author and original source are correctly cited. This facilitates freedom of reuse and also ensures that content can be extracted without barriers for research needs.
This work is licensed under a Creative Commons Attribution 3.0 International (CC BY 3.0).
The Enfoque UTE journal guarantees and declares that authors always retain all copyrights and full publishing rights without restrictions [© The Author(s)]. Acknowledgment (BY): Any exploitation of the work is allowed, including a commercial purpose, as well as the creation of derivative works, the distribution of which is also allowed without any restriction.