SciELO - Scientific Electronic Library Online

vol.8 suppl.1Biomedical equipment for the control of nutrition and for the physical exercise of people with diabetesSmart public transportation at your fingertips author indexsubject indexarticles search
Home Pagealphabetic serial listing  

Services on Demand




Related links

  • Have no similar articlesSimilars in SciELO


Enfoque UTE

On-line version ISSN 1390-6542Print version ISSN 1390-9363


MARTINEZ, Esteban Crespo. ECU@Risk, a methodology for risk management applied to MSMEs. Enfoque UTE [online]. 2017, vol.8, suppl.1, pp.107-121. ISSN 1390-6542.

Information is the most valuable element for any organization or person in this new century, which, for many companies, is a competitive advantage asset (Vásquez & Gabalán, 2015). However, despite the lack of knowledge about how to protect it properly or the complexity of international standards that indicate procedures to achieve an adequate level of protection, many organizations, especially the MSMEs sector, fails to achieve this goal.

Therefore, this study proposes a methodology for information security risk management, which is applicable to the business and organizational environment of the Ecuadorian MSME sector. For this purpose, we analyze several methodologies as Magerit, CRAMM (CCTA Risk Analysis and Management Method), OCTAVE-S, Microsoft Risk Guide, COBIT 5 COSO III. These methodologies are internationally used in risk management of information; in the light of the frameworks of the industry: ISO 27001, 27002, 27005 and 31000.

Keywords : Risk; management; ECU@Risk; Information Security..

        · abstract in Spanish     · text in Spanish     · Spanish ( pdf )