Análisis de ciberseguridad en la ESPAM MFL, utilizando las metodologías AMFE y marisma
The present work was to develop a Cybersecurity Analysis at ESPAM MFL, to assess the risks found in the area of information security through the use of AMFE and MARISMA methodologies. To comply with the execution, it was necessary to use the methods: bibliographic, investigative-exploratory and anal...
Saved in:
| 主要作者: | |
|---|---|
| 其他作者: | |
| 格式: | masterThesis |
| 語言: | spa |
| 出版: |
2020
|
| 主題: | |
| 在線閱讀: | http://repositorio.espam.edu.ec/handle/42000/1338 |
| 標簽: |
添加標簽
沒有標簽, 成為第一個標記此記錄!
|
添加標簽 | 總結: | The present work was to develop a Cybersecurity Analysis at ESPAM MFL, to assess the risks found in the area of information security through the use of AMFE and MARISMA methodologies. To comply with the execution, it was necessary to use the methods: bibliographic, investigative-exploratory and analytical. Through the bibliographic method, the foundation of both methodologies and applicability were defined; with the investigative-exploratory method, an overview was obtained, which allowed studying the risks, later to apply them in the analytical one, through the implementation of the eMarisma tool, from which the information, application and network security patterns were identified, in addition of the controls used in both methodologies, and therefore the cybersecurity risk management plan, allowing parameterization of mitigation criteria based on the results obtained from dynamic maintenance based on the vulnerabilities found in AMFE, in which important aspects were linked of ISO 27032, 25001 and other regulations that guaranteed the support of risk mitigation processes. The aforementioned procedure established that in these patterns the Marisma methodology is efficient by recalculating asset data for threats, risk analysis and the treatment plan to carry out adequate control management, vulnerability risk analysis and threats raised in information systems, while AMFE provides a static assessment of these risks in cybersecurity. |
|---|