ICT Risk Management Methodology Proposal for Governmental Entities Based on ISO/IEC 27005

Susana Patiño; Edgar Fernando Solís; Sang Guun Yoo; Rubén Arroyo

doi:10.1109/ICEDEG.2018.8372361

2018 Fifth International Conference on eDemocracy & eGovernment (ICEDEG)

ICT Risk Management Methodology Proposal for Governmental Entities Based on ISO/IEC 27005

Year: 2018, Pages: 75-82

DOI Bookmark: 10.1109/ICEDEG.2018.8372361

Authors

Susana Patiño, Escuela de Sistemas y Computación, Pontificia Universidad Católica del Ecuador Sede Esmeraldas, Esmeraldas,Ecuador
Edgar Fernando Solís, Departamento de Ciencias de la Computación, Universidad de las Fuerzas Armadas ESPE, Sangolquí,Ecuador
Sang Guun Yoo, Departamento de Ciencias de la Computación, Universidad de las Fuerzas Armadas ESPE, Sangolquí,Ecuador
Rubén Arroyo, Departamento de Ciencias de la Computación, Universidad de las Fuerzas Armadas ESPE, Sangolquí,Ecuador

Abstract

Public entities around the world are adapting and adopting international standards to improve their internal processes, and Ecuador is not the exception. The National Secretariat of Public Administration decided to implement the standard ISO/IEC 27001: 2005 in order to respond to the continuous attacks and computer crimes presented in different public institutions of Ecuador. Even though the mentioned standard provides many benefits, it only establishes guidelines for risk management in information security, but not a step-bystep guide on how to carry out risk analysis and evaluation. Due to this situation, the present paper proposes a practical guide for the management of ICT risks presented in governmental entities compliant to ISO/IEC 27005 to improve the management of information security. This work also shares a practical and real case study of the proposed methodology to show its benefits and applicability.

Like what you’re reading?

Already a member?

Get this article FREE with a new membership!

Study on Analysis of Security Vulnerabilities and Countermeasures in ISO/IEC 15118 Based Electric Vehicle Charging Technology
2014 International Conference on IT Convergence and Security (ICITCS)
An Analysis of Software Supportable Tasks Related with ISO/IEC 15408
2013 Ninth International Conference on Computational Intelligence and Security (CIS)
Software engineering standards and guides for Very Small Entities implementation in two start-ups
2015 International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE)
Integrating ISO/IEC 27001 and other Managerial Discipline Standards with Processes of Management in Organizations
2012 Seventh International Conference on Availability, Reliability and Security
On the Relationship of ISO/IEC 9126 Metrics and the Alpha States of the SEMAT Kernel
2016 4th International Conference in Software Engineering Research and Innovation (CONISOFT)
Software Quality Assessment Applied for the Governmental Organizations using ISO/IEC 25000
2018 Fifth International Conference on eDemocracy & eGovernment (ICEDEG)
A Model for Assessing COBIT 5 and ISO 27001 Simultaneously
2018 IEEE 20th Conference on Business Informatics (CBI)
Measuring Software Product Quality: A Survey of ISO/IEC 9126
IEEE Software
Extending ISO/IEC 29110 Basic Profile with Privacy-by-Design Approach: A Case Study in the Health Care Sector
2018 11th International Conference on the Quality of Information and Communications Technology (QUATIC)
Could an ISMS Model (ISO/IEC 27001:2013 Standard) Implementation Really Protect Public Data?
2023 Ninth International Conference on eDemocracy & eGovernment (ICEDEG)

ICT Risk Management Methodology Proposal for Governmental Entities Based on ISO/IEC 27005

Authors

Abstract

Related Articles