CISTI'2020 - 15th Iberian Conference on Information Systems and Technologies


Information security risk management model for mitigating the impact on SMEs in Peru

This paper proposes an information security risk management model for mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst & Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: (1) inventory the company's information assets and conduct a risk analysis of each one; (2) evaluate the treatment that should be given to each risk; (3) once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the integration of the model with indicators to validate compliance, and contributes the results obtained from its implementation. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment.

Jimmy Armas
Universidad Peruana de Ciencias Aplicadas
Peru

Daniel Carnero
Universidad Peruana de Ciencias Aplicadas
Peru

Marcos Carbajal
Universidad Peruana de Ciencias Aplicadas
Peru

Juan Manuel Madrid Molina
Universidad Icesi
Colombia

 

