Análisis de ciberseguridad en la ESPAM MFL, utilizando las metodologías AMFE y marisma
The present work was to develop a Cybersecurity Analysis at ESPAM MFL, to assess the risks found in the area of information security through the use of AMFE and MARISMA methodologies. To comply with the execution, it was necessary to use the methods: bibliographic, investigative-exploratory and anal...
Sparad:
| Huvudupphovsman: | |
|---|---|
| Övriga upphovsmän: | |
| Materialtyp: | masterThesis |
| Språk: | spa |
| Publicerad: |
2020
|
| Ämnen: | |
| Länkar: | http://repositorio.espam.edu.ec/handle/42000/1338 |
| Taggar: |
Lägg till en tagg
Inga taggar, Lägg till första taggen!
|
Lägg till en tagg | Sammanfattning: | The present work was to develop a Cybersecurity Analysis at ESPAM MFL, to assess the risks found in the area of information security through the use of AMFE and MARISMA methodologies. To comply with the execution, it was necessary to use the methods: bibliographic, investigative-exploratory and analytical. Through the bibliographic method, the foundation of both methodologies and applicability were defined; with the investigative-exploratory method, an overview was obtained, which allowed studying the risks, later to apply them in the analytical one, through the implementation of the eMarisma tool, from which the information, application and network security patterns were identified, in addition of the controls used in both methodologies, and therefore the cybersecurity risk management plan, allowing parameterization of mitigation criteria based on the results obtained from dynamic maintenance based on the vulnerabilities found in AMFE, in which important aspects were linked of ISO 27032, 25001 and other regulations that guaranteed the support of risk mitigation processes. The aforementioned procedure established that in these patterns the Marisma methodology is efficient by recalculating asset data for threats, risk analysis and the treatment plan to carry out adequate control management, vulnerability risk analysis and threats raised in information systems, while AMFE provides a static assessment of these risks in cybersecurity. |
|---|