MePRiSIA: Risk Prevention Methodology for Academic Information Systems

Cristina Satizábal, Nancy Acevedo

Abstract


The information held in academic systems can be stolen, modified or erased by attackers, causing major losses to institutions. Since prevention is better than cure, educational institutions should apply a risk prevention methodology to avoid the misuse of academic information by users or attackers. For that reason, we designed MePRiSIA, a simple and easy-to-understand risk prevention methodology that, unlike the existing ones, includes the human factor in each step. MePRiSIA has four steps: setting the context, risk identification, risk analysis and risk prevention. It was applied to ACADEMUSOFT, the academic information system of Universidad de Pamplona (Colombia), and was evaluated by experts. After applying MePRiSIA to ACADEMUSOFT, we can conclude that the human factor is among its most important assets and is involved in the very high-level risks identified. According to the experts, implementing MePRiSIA is hard when the institution's directors do not provide staff and financial resources for this purpose.

Keywords


academic information system; management; methodology; prevention; risk






DOI: https://doi.org/10.17533/10.17533/udea.redin.n89a11



This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

This publication is part of the Journal System of the Universidad de Antioquia.