Analisis de riesgos de seguridad IT y continuidad en el sector financiero
CovenanteeErnst & Young
Document typeBachelor thesis
Rights accessRestricted access - confidentiality agreement
Information systems as well as information itself are the main asset of organizations today, making them aware of the importance of carrying out a risk management process to identify which are the main vulnerabilities of their information assets and what threats might exploit such vulnerabilities. There is a wide range of pos sible methodologies to carry out this process, which is essential to review and compare to find out the one that best suits the needs and the initial objective set by the organization in the scope of the project. Furthermore , it is possible to consult a la rge series of standards that offer good practices guide lines and facilitate their adaptation to each methodology as well as to those entities that choose to follow their own methodology, collecting the most relevant aspects for their case of use of the dif ferent methodologies existing as well as the best practice guide lines proposed by international standards. Based on the risk analysis implemented, a critical, well - executed and efficient assessment is necessary in order to later decide which options to ta ke against the risk and identify a control framework to mitigate the occurrence of identified threats or their impact always maintaining a balance between the cost of the action to be taken, asset’s importance and risk criticality level . These preventive m easures that can be established by the organization allow them to obtain higher levels of security for their information systems, thus ensuring their main asset.
SubjectsGestió del risc