Concepto y Enfoques sobre el Análisis y la Gestión Dinámica del Riesgo en Sistemas de Información

La aplicacion de procesos de Analisis y Gestion de Riesgos en el ambito de los Sistemas de Informacion, es una practica comun que permite la planificacion en un momento puntual de tiempo de las acciones preventivas frente al riesgo a corto, medio o largo plazo, pero con un considerable potencial actualmente desaprovechado, para facilitar la toma de decisiones en tiempo real frente a eventos o incidentes de seguridad. Este trabajo hace un recorrido por las principales corrientes que buscan sacar partido a este potencial, englobadas principalmente bajo el concepto de Analisis de Riesgos Dinamico, cuyo principio es la actualizacion incesante de los parametros que intervienen en el calculo del riesgo para la optimizacion de su tratamiento posterior. Finalmente, se proponen las posibles tendencias futuras para la mejora en este ambito.

[1]  Indrajit Ray,et al.  Dynamic Security Risk Management Using Bayesian Attack Graphs , 2012, IEEE Transactions on Dependable and Secure Computing.

[2]  V. Vittal,et al.  Online Risk-Based Security Assessment , 2002, IEEE Power Engineering Review.

[3]  H. K. Huang,et al.  Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory , 2008, ESORICS.

[4]  Gary Stoneburner,et al.  SP 800-30. Risk Management Guide for Information Technology Systems , 2002 .

[5]  Kelly M. Kavanagh,et al.  Magic Quadrant for Security Information and Event Management , 2011 .

[6]  Ram Dantu,et al.  Classification of Attributes and Behavior in Risk Management Using Bayesian Networks , 2007, 2007 IEEE Intelligence and Security Informatics.

[7]  Li Zhang,et al.  A Dynamic Risk Assessment Framework Using Principle Component Analysis with Projection Pursuit in Ad Hoc Networks , 2010, 2010 7th International Conference on Ubiquitous Intelligence & Computing and 7th International Conference on Autonomic & Trusted Computing.

[8]  Luc Beaudoin Autonomic computer network defence using risk states and reinforcement learning , 2009 .

[9]  Zhenyu Yan,et al.  Analysis of Interdependencies and Risk in Oil & Gas Infrastructure Systems , 2007 .

[10]  Yacov Y Haimes,et al.  A comprehensive Network Security Risk Model for process control networks. , 2009, Risk analysis : an official publication of the Society for Risk Analysis.

[11]  Ashish Gehani,et al.  RheoStat: Real-Time Risk Management , 2004, RAID.

[12]  Xue Liu,et al.  Dynamic Assessment and VaR-Based Quantification of Information Security Risk , 2010, 2010 2nd International Conference on E-business and Information System Security.

[13]  G. Stoneburner,et al.  Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .

[14]  Ram Dantu,et al.  Risk management using behavior based attack graphs , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[15]  Jeffrey L. Hieb,et al.  Cyber security risk assessment for SCADA and DCS networks. , 2007, ISA transactions.

[16]  Svein J. Knapskog,et al.  Real-Time Risk Assessment with Network Sensors and Intrusion Detection Systems , 2005, CIS.

[17]  Morton Swimmer Using the danger model of immune systems for distributed defense in modern data networks , 2007, Comput. Networks.

[18]  Ajith Abraham,et al.  DIPS: A Framework for Distributed Intrusion Prediction and Prevention Using Hidden Markov Models and Online Fuzzy Risk Assessment , 2007 .

[19]  Matthew Henry,et al.  Risk Analysis in Interdependent Infrastructures , 2007, Critical Infrastructure Protection.

[20]  Jie Ma,et al.  A Fusion Model for Network Threat Identification and Risk Assessment , 2009, 2009 International Conference on Artificial Intelligence and Computational Intelligence.