Tuesday, August 12, 2008

Graphical Risk Analysis

By Omar Alejandro Herrera Reyna

About 6 years ago I published a paper on a graphical risk analysis methodology. References to it are still out there on the Internet, but the sites where the paper was hosted no longer appear to be online, so here I leave a link and the abstract for anyone interested:

Graphical Risk Analysis (GRA): A Methodology To Aid In Modeling Systems For Information Security Risk analysis

Risk analysis for information security, as we know it today, is a difficult task involving experience and extensive knowledge of the environment being analyzed. There are already many methodologies out there but most fall in the category of what we call “check lists” or “questionnaires”.

I will present a methodology, “Graphical Risk Analysis” (GRA), that can aid in risk analysis activities for information security. The approach is based on well-known system security principles and uses diagrams to model the system at different abstract levels. The information security risk analyst can, with this approach, ensure that he/she understands the main business processes which the system environment supports, and analyze in detail the critical parts of an information system that are most critical from a business perspective.

GRA intends to be a simple risk analysis methodology focused on availability and dependency of services and systems; although it is not intended to be an all-inclusive solution, it will be useful in conjunction with other methodologies, in all information security risk analysis activities.

Source: http://candadodigital.blogspot.com/2008/08/papers-anlisis-de-riesgos-grfico.html
