Resumen

MARTINEZ, Esteban Crespo. ECU@Risk, a methodology for risk management applied to MSMEs. Enfoque UTE [online]. 2017, vol.8, suppl.1, pp.107-121. ISSN 1390-6542.  https://doi.org/10.29019/enfoqueute.v8n1.140.

Information is the most valuable element for any organization or person in this new century, which, for many companies, is a competitive advantage asset (Vásquez & Gabalán, 2015). However, despite the lack of knowledge about how to protect it properly or the complexity of international standards that indicate procedures to achieve an adequate level of protection, many organizations, especially the MSMEs sector, fails to achieve this goal.

Therefore, this study proposes a methodology for information security risk management, which is applicable to the business and organizational environment of the Ecuadorian MSME sector. For this purpose, we analyze several methodologies as Magerit, CRAMM (CCTA Risk Analysis and Management Method), OCTAVE-S, Microsoft Risk Guide, COBIT 5 COSO III. These methodologies are internationally used in risk management of information; in the light of the frameworks of the industry: ISO 27001, 27002, 27005 and 31000.

Palabras clave : Risk; management; ECU@Risk; Information Security..

        · resumen en Español     · texto en Español     · Español ( pdf )