Kriativ-tech Volume 1, Issue 9, January 2023, Pages: xxx Received: Jan. 22, 2023; Accepted: Jan. 27, 2023. Published: Mar. 13, 2023.

Authors

Sérgio Pinto, Assistant Professor at ISTEC


To cite this article

Sérgio Pinto, "Application tool for information security and cybersecurity risk management in an organization", Kriativ-tech, Volume 1, Issue 9, January 2023. DOI: 10.31112/kriativ-tech-2022-06-81

Abstract

Organizations are currently exposed to an increasing number of information security and cybersecurity attacks. This article therefore describes a process for analysing and auditing potential risks, intended to assist an organization in choosing the security measures and controls needed to define and implement an adequate level of security. The article is also intended as a reference for the development of an application tool that implements this process.

Keywords

Cybersecurity, Impact, Organization, Probability, Risk, Threat, Vulnerability.
