TY - JOUR
AU - Ramírez Castro, Alexandra
AU - Ortiz Bayona, Zulima
PY - 2011/12/18
Y2 - 2024/03/29
TI - Gestión de Riesgos tecnológicos basada en ISO 31000 e ISO 27005 y su aporte a la continuidad de negocios
JF - Ingeniería
JA - Ing.
VL - 16
IS - 2
SE - Article
DO - 10.14483/23448393.3833
UR - https://revistas.udistrital.edu.co/index.php/reving/article/view/3833
SP - 56-66
AB - This document presents a methodology for technological risk management based on the ISO (International Organization for Standardization) 31000 and the ISO/IEC (International Electrotechnical Commission) 27005 standards, taking into account that these indicate only the “what” (what is required for risk management) but not the “how” (how to achieve such management). It also includes recommendations and best practices from other international standards and guidelines for risk management, security and services management. The methodology was developed for technological risk given the increased use of information technology and hence the greater chance of breaking points or security holes arising during its use. Therefore it accounts for a form of assurance and control over the technology infrastructure (physical layer), information systems (logic layer) and organizational measures (human factor), from the technological perspective. The second part considers the integration of the methodology into business continuity management, giving support to the business impact analysis and strategies development with regard to technology-based processes.
ER -