Risk management model for information security





risk management, information security, information management, risk analysis


A risk management model makes it possible to explore the organizational factors and risk management practices that affect or delay the achievement of objectives considered strategic. The purpose of managing risks is to develop a detailed analysis of the organization, its operations, assets, processes and their existing interrelationships in order to establish a complete list of risks, which implies identifying, analyzing and providing alternative treatments for actual and potential risks. A risk management model therefore gains great importance when it focuses on the specific needs of the organization: it is not a matter of copying the norms or policies of one organization to mitigate the risks of another, since each organization has different scenarios or contexts.










Research articles

How to Cite

Alarcon, J. A. (2023). Risk management model for information security. DecisionTech Review, 3, 1-6. https://doi.org/10.47909/dtr.05