Risk management and prevention methodologies: a comparison

Authors

  • Nancy Acevedo Universidad de Pamplona
  • Cristina Satizábal Universidad de Pamplona

DOI:

https://doi.org/10.18046/syt.v14i36.2214

Keywords:

Analysis, management, methodologies, prevention, risks.

Abstract

In this paper we analyze nine risk management and prevention methodologies, carrying out a comparison of the stages that they include and determining if they take into account the human factor in the risk analysis and treatment. We observe that only 42.85% of the studied management risk methodologies include this factor and conclude that the NIST [National Institute of Standards and Technology] Risk Management methodology is the most complete, although it would be desirable for it to focus more on the human factor like the IDB [Inter-American Development Bank] Corruption Diagnosis, Prevention and Control in Programs of Civic Security methodology. 

Author Biographies

  • Nancy Acevedo, Universidad de Pamplona

    Commercial and Systems Manager; Specialist in Project Management; and candidate to Magister in Informatics Project Management from Universidad de Pamplona (Colombia). Professor, OPS in the administrative area at the Basic Sciences Faculty, and member of LOGOS research group hotbed at the Universidad de Pamplona.

  • Cristina Satizábal, Universidad de Pamplona

    Electronics and Telecommunications Engineering from Universidad del Cauca (Colombia) and Ph.D in Telematics Engineering from Universidad Politécnica de Cataluña (España). Professor at the Telecommunications Engineering Program (Universidad de Pamplona) and member of the LOGOS research group.

References

Alberts, C., & Dorofee, A. (2001). An introduction to the octave method. Pittsburg, PA: Carnegie Mellon University.

AS/NZS 4360:1999 -Estándar Australiano, Administración de Riesgos. (1999). Retrieved form: http://www.bcu.gub.uy/Acerca-de-BCU/Concursos/Est%C3%A1ndar%20Australiano_Adm_Riesgos.pdf

Bandyopadhyay, K., Mykytyn, P. P., & Mykytyn, K. (1999). A framework for integrated risk management in information technology. Management Decision, 37(5), 437- 444.

Boge, K. (2001). A platform for risk analysis of security critical systems (CORAS. IST-2000-25031). Oslo, Norway: Norsk_Regnesentral.

Brantingham, P. J. & Faust, F. L. (1976). A conceptual model of crime prevention. Crime and Delinquency, 22(3), 284-296.

British Standards Institution [BSI]. (1991). Quality vocabulary (No. BS4778 [Part 3 Section 3.2 = IEC 1990 50(191)]). London, UK: BSI.

British Standards Institution [BSI]. (1999). BS7799-2. Information security management -part 2: specification for information security management systems. London, UK: BSI.

Campos, E. & Pradhan, S. (2007). The many faces of the corruption: tracking vulnerabilities at the sector level. Washington DC: World Bank.

Carnegie Corporation. (1957). Carnegie Commission on Preventing Deadly Conflict. Final report with executive summary. New York, NY: Carnegie Corporation.

Concha-EastMan, A. (2004). Violencia urbana en América Latina y el Caribe: dimensiones, explicaciones, acciones. In S. Rotker (Ed.), Ciudadanías del miedo (pp. 39-53.). Caracas, Venezuela: Rutgers.

Consejo Superior de Administración Electrónica (2012). MAGERIT versión 3. Metodología de análisis y gestión de riesgos de los sistemas de información.. Madrid, España: Ministerio de Hacienda y Administraciones Públicas.

Díaz-Aguado, M. J., Martínez-Arias, R., & Martín-Seoane, G. (2004). Prevención de la violencia y lucha contra la exclusión desde la adolescencia. In Volumen uno: La violencia entre Iguales en la escuela y en el ocio. estudios comparativos e instrumentos de valuación. Madrid, España: Instituto de la Juventud.

Douglas, M. (1990). Risk as a forensic resource. Daedalus, 119(4). Retrieved from: http://www.jstor.org/stable/20025335

Ekblom, P. (2003). The conjunction of criminal opportunity: a framework for crime reduction. London, UK: Home Office Crime and Policing Group.

Frosdick, S. (1997). The techniques of risk analysis are insufficient in themselves. Disaster Prevention and Management, 6(3), 165-177.

García-Mejía, M. (2010). Metodología para el diagnóstico, prevención y control de la corrupción en programas de seguridad ciudadana (No. Documento de Debate #IDB-DP-117). Washington, DC: Banco Interamericano de Desarrollo (BID).

García-Ospina, C. & Tobón-Correa, O. (2000). Promoción de la salud, prevención de la enfermedad, atención primaria en salud y plan de atención básica. ¿Qué los acerca? ¿Qué los separa? Hacia Promoción de la Salud, 5, 7-21.

Gerber, M., & Von Solms, R. (2005). Management of risk in the information age. Computer & Security, 24, 16-30.

Graham, J., & Bennett, T. (1995). Crime prevention strategies in Europe and North America (Vol. 28). Helsinki-New York: European Institute for Crime Prevention and Control.

Hayden, C., & Blaya, C. (2001). Violence et comportements agressifs dans les écoles anglaises. In E. Debarbieux & C. Blaya (Eds.), La violence en millieu scolaire-3- dix approaches en Europe (pp. 43-70.). Paris, France: ESF.

Huerta, A. (2012, April 2). Introducción al análisis de riesgos - metodologías (II) [blog security artwork]. Retrieved from: http://www.securityartwork.es/2012/04/02/introduccion-al-analisis-de-riesgos-%E2%80%93-metodologias-ii/

ISO/IEC_TR_13335-1. (1996). Information technology - guidelines for the management of it security - part 1: concepts and models for it security (1st ed.). Geneva, Switzerland: ISO/IEC.

Kailay, M. P., & Jarratt, P. (1995). RAMeX: a prototype expert system for computer security analysis and management. Computers and Security, 14, 449-463.

Khan-Pathan, A.S. (2010). The state of the art in intrusion prevention and detection. Kuala Lumpur, Malaysia: CRC.

Kirkwood, A. S. (1994). Why do we worry when scientists say there is no risk? Disaster Prevention and Management, 3(2), 15- 22.

Knepper, P. (2007). Criminology and social policy. London, UK: Sage.
Martínez, F., & Ruiz, J. (2001). Manual de gestión de riesgos sanitarios: Madrid, Spain: Diaz De Santos.

Mell, P., Kent, K., & Nusbaum, J. (2005). Guide to malware incident prevention and handling. Gaithersburg, MD: NIST.
Moses, R. H. (1992). Risk analysis and management. In K. M. Jackson & J. Hruska (Eds.), Computer security reference book. Oxford, UK: Butterworth-Heinemann.

National Institute of Standards and Technology [NIST]. (1995). An introduction to computer security. Washington DC: US Department of Commerce.

National Institute of Standards and Technology [NIST]. (2001). Risk management guide for information technology systems. Washington DC: US Department of Commerce.

NTC-ISO/IEC 27005: Tecnología de la información. Técnicas de seguridad. Gestión del riesgo en la seguridad de la Información. Bogotá, Colombia: ICONTEC.

Owens, S. (1998). Information security management: an introduction. London, UK: British Standards Institution.

Peyre, V. (1986). Introduction: elements d'un debat sur la prévention de la delinquance. Annales de Vaucresson, 1(24), 9-13.

Piper, S. (2011). Intrusion detection systems for dummies. Hoboken, NJ: Wiley.

Project Management Institute [PMI]. (2008). A guide to the project management body of knowledge (PMBOK Guide) (4ta ed.). Newtown Square, PA: PMI.

Qasem, M. (2013). Information technology risk assessment methodologies: current status and future directions. International Journal of Scientific & Engineering Research, 4(12), 966-972.

Ragmognino, N., FradJi, D., Soldini, F., & Vergés, P. (1997). L’École comme dispositive simbolique et les violences: le example de trois ecoles em Marseille. In B. Charlot & J. C. Émin (Eds.), Violences à l’école - État des Savoirs. Paris, France: Masson & Armand Colin.

Royal Society. (1992). Risk: analysis, perception and management. London, UK: The Royal Society.

Sánchez-Peña, M., Sánchez-Delgado, K., Agudelo-Ramírez, A. (2015). Estrategias lúdicas para aumentar el conocimiento de un grupo de adolescentes escolarizados sobre la gingivitis. Duazary, 12(2), 100-111.

Savona, E. U. (2004). Ipotesi per uno scenario della prevenzione. In R. Selmini (Ed.), (a cura di) la sicurezza urbana, (pp. 273-284). Bologna, Italy: Il Mulino.

Sigerist, H. (1951). A history of medicine: primitive and archaic medicine. New York, NY: Oxford University Press.

Strutt, J. (1993). Risk assessment and management: the engineering approach. Cranfield, UK: Cranfield University.

Tonry, M. & Farrington, D. (1995). Strategic approach to crime prevention. Crime and Justice, 19, 1-20. Retrieved from: http://www.jstor.org/stable/1147594

Vargas, I., Villegas, O., Sánchez, A., & Holthuis, K. (2003). Promoción, prevención y educación para la salud. San José, Costa Rica: EDNASSS. Available at: http://www.cendeisss.sa.cr/posgrados/modulos/Modulo2/Modulo_2.pdf

Walgrave, L., & De Cauter, F. (1986). Une tentative de clarification de la notion de prévention. Annales de Vaucresson, 1(24), 31-51.

Wallensteen, P. & Möller, F. (2003). Conflict prevention: methodology for knowing the unknown [Uppsala Peace Research Papers No. 7, Department of Peace and Conflict Research]. Sweden: Uppsala University. Retrieved from: http://www.pcr.uu.se/digitalAssets/61/61533_1prevention___knowing_the_unknown.pdf

Wallensteen, P. (2002). Understanding conflict resolution. London, UK: Sage.

Weiss, T. & Hubert, D. (2001). The responsibility to protect . Ottawa, ON: International Development Research Center. Available at: http://www.idrc.ca/EN/Resources/Publications/openebooks/963-1/index.html

Yu, E. (2004). Information systems (in the Internet age). In Practical Handbook of Internet Computing: Boca Raton, FL: CRC.

Downloads

Published

2016-03-30

Issue

Section

Discussion papers