Risk management and prevention methodologies: a comparison

Nancy Acevedo, Cristina Satizábal

Abstract


In this paper we analyze nine risk management and prevention methodologies, comparing the stages that they include and determining whether they take the human factor into account in risk analysis and treatment. We observe that only 42.85% of the risk management methodologies studied include this factor and conclude that the NIST [National Institute of Standards and Technology] Risk Management methodology is the most complete, although it would be desirable for it to focus more on the human factor, as the IDB [Inter-American Development Bank] Corruption Diagnosis, Prevention and Control in Programs of Civic Security methodology does.


Keywords


Analysis; management; methodologies; prevention; risks.



DOI: http://dx.doi.org/10.18046/syt.v14i36.2214
