Abstract
The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches. These are: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process.
Article PDF
Similar content being viewed by others
Avoid common mistakes on your manuscript.
References
Hussain A, Mohamed A, Razali S. A review on cybersecurity: challenges & emerging threats. In: Proceedings of the 3rd International Conference on Networking, Information Systems & Security, 2020, 28
Hölbl M, Welzer T. Experience with teaching cybersecurity. In: Proceedings of the 27th EAEEIE Annual Conference (EAEEIE). 2017, 1–4
Toapanta S M T, Gurumendi A J, Gallegos L E M. An approach of national and international cybersecurity laws and standards to mitigate information risks in public organizations of Ecuador. In: Proceedings of the 2nd International Conference on Education Technology Management. 2019, 61–66
Shamala P, Ahmad R, Zolait A, Sedek M. Integrating information quality dimensions into information security risk management (ISRM). Journal of Information Security and Applications, 2017, 36: 1–10
Mirtsch M, Blind K, Koch C, Dudek G. Information security management in ICT and non-ICT sector companies: a preventive innovation perspective. Computers & Security, 2021, 109: 102383
Hentea M. Security management. In: Hentea M, ed. Building an Effective Security Program for Distributed Energy Resources and Systems: Understanding Security for Smart Grid and Distributed Energy Resources and Systems, Volume 1. Wiley, 2021, 405–436
Kumah P. The role of human resource management in enhancing organizational information systems security. In: Misra S, Adewumi A, eds. Handbook of Research on the Role of Human Factors in IT Project Management. Hershey, PA, USA: IGI Global, 2019, 278–303
Lee H, Han C, Yoo T. The application of mistake-proofing to organisational security management. Total Quality Management & Business Excellence, 2019, 30(9–10): 1151–1166
Li F, Chen T, Wang B, Zhang J, Qing S. Research on information security technology of mobile application in electric power industry. In: Proceedings of 2020 Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). 2020, 51–54
Nasir A, Arshah R A, Hamid M R A, Fahmy S. An analysis on the dimensions of information security culture concept: a review. Journal of Information Security and Applications, 2019, 44: 12–22
Khando K, Gao S, Islam S M, Salman A. Enhancing employees information security awareness in private and public organisations: a systematic literature review. Computers & Security, 2021, 106: 102267
Ganin A A, Quach P, Panwar M, Collier Z A, Keisler J M, Marchese D, Linkov I. Multicriteria decision framework for cybersecurity risk assessment and management. Risk Analysis, 2020, 40(1): 183–199
van der Schyff K, Flowerday S. Mediating effects of information security awareness. Computers & Security, 2021, 106: 102313
Prajanti A D, Ramli K. A proposed framework for ranking critical information assets in information security risk assessment using the OCTAVE allegro method with decision support system methods. In: Proceedings of the 34th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC). 2019, 1–4
Chopra A, Chaudhary M. The need for information security. In: Chopra A, Chaudhary M, eds. Implementing an Information Security Management System: Security Management Based on ISO 27001 Guidelines. Berkeley, CA: Apress, 2020, 1–20
Grishaeva S A, Borzov V I. Information security risk management. In: Proceedings of 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). 2020, 96–98
Zaini M K, Masrek M N, Abdullah Sani M K J. The impact of information security management practices on organisational agility. Information and Computer Security, 2020, 28(5): 681–700
Kiedrowicz M, Stanik J. Method for assessing efficiency of the information security management system. MATEC Web of Conferences, 2018, 210: 04011
Sanchez L E, Santos-Olmo A, Fernandez-Medina E, Piattini M. ISMS building for SMEs through the reuse of knowledge. In: Management Association I R, ed. Small and Medium Enterprises: Concepts, Methodologies, Tools, and Applications. Hershey, PA, USA: IGI Global, 2013, 394–419
Santos-Olmo A, Sanchez L E, Caballero I, Camacho S, Fernandez-Medina E. The importance of the security culture in SMEs as regards the correct management of the security of their assets. Future Internet, 2016, 8(3): 30
Wangen G, Hallstensen C, Snekkenes E. A framework for estimating information security risk assessment method completeness. International Journal of Information Security, 2018, 17(6): 681–699
Achmadi D, Suryanto Y, Ramli K. On developing information security management system (ISMS) framework for ISO 27001-based data center. In: Proceedings of 2018 International Workshop on Big Data and Information Security (IWBIS). 2018, 149–157
Jeong C Y, Lee S Y T, Lim J H. Information security breaches and IT security investments: impacts on competitors. Information & Management, 2019, 56(5): 681–695
Uchendu B, Nurse J R C, Bada M, Furnell S. Developing a Cyber Security culture: current practices and future needs. Computers & Security, 2021, 109: 102387
Casola V, Catelli R, De Benedictis A. A first step towards an ISO-based information security domain ontology. In: Proceedings of the 28th IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). 2019, 334–339
Shameli-Sendi A. An efficient security data-driven approach for implementing risk assessment. Journal of Information Security and Applications, 2020, 54: 102593
Putra I M M, Mutijarsa K. Designing information security risk management on Bali regional police command center based on ISO 27005. In: Proceedings of the 3rd East Indonesia Conference on Computer and Information Technology (EIConCIT). 2021, 14–19
Hariyanti E, Djunaidy A, Siahaan D O. A conceptual model for information security risk considering business process perspective. In: Proceedings of the 4th International Conference on Science and Technology (ICST). 2018, 1–6
Szwaczyk S, Wrona K, Amanowicz M. Applicability of risk analysis methods to risk-aware routing in software-defined networks. In: Proceedings of 2018 International Conference on Military Communications and Information Systems (ICMCIS). 2018, 1–7
Ruan K. Introducing cybernomics: a unifying economic framework for measuring cyber risk. Computers & Security, 2017, 65: 77–89
Dobaj J, Schmittner C, Krisper M, Macher G. Towards integrated quantitative security and safety risk assessment. In: Proceedings of 2019 International Conference on Computer Safety, Reliability, and Security. 2019, 102–116
Sönmez F Ö, Kılıç B G. A decision support system for optimal selection of enterprise information security preventative actions. IEEE Transactions on Network and Service Management, 2021, 18(3): 3260–3279
Tiganoaia B, Niculescu A, Negoita O, Popescu M. A new sustainable model for risk management—RiMM. Sustainability, 2019, 11(4): 1178
Amutio M A, Candau J, Manas J A. MAGERIT-version 3.0 Methodology for information systems risk analysis and management. Ministry of Finance and Public Administration, 2014
Ali M L, Thakur K, Atobatele B. Challenges of cyber security and the emerging trends. In: Proceedings of 2019 ACM International Symposium on Blockchain and Secure Critical Infrastructure. 2019, 107–112
Khambhammettu H, Boulares S, Adi K, Logrippo L. A framework for risk assessment in access control systems. Computers & Security, 2013, 39: 86–103
Jouini M, Rabai L B A. A security risk management model for cloud computing systems: infrastructure as a service. In: Proceedings of the10th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage. 2017, 594–608
Weil T. Risk assessment methods for cloud computing platforms. In: Proceedings of the 43rd IEEE Annual Computer Software and Applications Conference (COMPSAC). 2019, 545–547
Brunner M, Sauerwein C, Felderer M, Breu R. Risk management practices in information security: exploring the status quo in the DACH region. Computers & Security, 2020, 92: 101776
Zakaria H, Abu Bakar N A, Hassan N H, Yaacob S. IoT security risk management model for secured practice in healthcare environment. Procedia Computer Science, 2019, 161: 1241–1248
Zhang Z. A new method for information security risk management in big data environment. In: Proceedings of the 2nd International Conference on Information Technology and Computer Application (ITCA). 2020, 1–4
Fu Y, Zhu J, Gao S. CPS information security risk evaluation system based on petri net. In: Proceedings of the 2nd IEEE International Conference on Data Science in Cyberspace (DSC). 2017, 541–548
Mokalled H, Pragliola C, Debertol D, Meda E, Zunino R. A comprehensive framework for the security risk management of cyber-physical systems. In: Flammini F, ed. Resilience of Cyber-Physical Systems: From Risk Modelling to Threat Counteraction. Cham: Springer International Publishing, 2019, 49–68
Chen J, Zhu Q. Interdependent strategic security risk management with bounded rationality in the internet of things. IEEE Transactions on Information Forensics and Security, 2019, 14(11): 2958–2971
Capodieci A, Mainetti L, Dipietrangelo F. Model-driven approach to cyber risk analysis in industry 4.0. In: Proceedings of the 10th International Conference on Information Systems and Technologies. 2020, 33
Malik V, Singh S. Security risk management in IoT environment. Journal of Discrete Mathematical Sciences and Cryptography, 2019, 22(4): 697–709
Govender S G, Kritzinger E, Loock M. A framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture. Personal and Ubiquitous Computing, 2021, 25(5): 927–940
Javaid M I, Iqbal M M W. A comprehensive people, process and technology (PPT) application model for Information Systems (IS) risk management in small/medium enterprises (SME). In: Proceedings of 2017 International Conference on Communication Technologies (ComTech). 2017, 78–90
Paltrinieri N, Reniers G. Dynamic risk analysis for Seveso sites. Journal of Loss Prevention in the Process Industries, 2017, 49: 111–119
Affia A A O, Matulevičius R, Nolte A. Security risk management in cooperative intelligent transportation systems: a systematic literature review. In: Proceedings of 2019 OTM Confederated International Conferences “On the Move to Meaningful Internet Systems”. 2019, 282–300
Genchev P G. Analysis of changes in the probability of an incident with information security. In: Proceedings of the 56th International Scientific Conference on Information, Communication and Energy Systems and Technologies (ICEST). 2021, 119–122
Kitchenham B, Charters S. Guidelines for performing systematic literature reviews in software engineering. 2007
Kitchenham B, Brereton P. A systematic review of systematic review process research in software engineering. Information and Software Technology, 2013, 55(12): 2049–2075
Barat S, Clark T, Barn B, Kulkarni V. A model-based approach to systematic review of research literature. In: Proceedings of the 10th Innovations in Software Engineering Conference. 2017, 15–25
Barn B, Barat S, Clark T. Conducting systematic literature reviews and systematic mapping studies. In: Proceedings of the 10th Innovations in Software Engineering Conference. 2017, 212–213
Lo C C, Chen W J. A hybrid information security risk assessment procedure considering interdependences between controls. Expert Systems with Applications, 2012, 39(1): 247–257
Wulan M, Petrovic D. A fuzzy logic based system for risk analysis and evaluation within enterprise collaborations. Computers in Industry, 2012, 63(8): 739–748
Deb R, Roy S. A Software Defined Network information security risk assessment based on Pythagorean fuzzy sets. Expert Systems with Applications, 2021, 183: 115383
Zhang H, Sun Q. An integrated approach to risk assessment for special line shunting via fuzzy theory. Symmetry, 2018, 10(11): 599
Saleh M S, Alfantookh A. A new comprehensive framework for enterprise information security risk management. Applied Computing and Informatics, 2011, 9(2): 107–118
Alhawari S, Karadsheh L, Nehari Talet A, Mansour E. Knowledge-based risk management framework for information technology project. International Journal of Information Management, 2012, 32(1): 50–65
Shamala P, Ahmad R, Yusoff M. A conceptual framework of info structure for information security risk assessment (ISRA). Journal of Information Security and Applications, 2013, 18(1): 45–52
Khan F, Hashemi S J, Paltrinieri N, Amyotte P, Cozzani V, Reniers G. Dynamic risk management: a contemporary approach to process safety management. Current Opinion in Chemical Engineering, 2016, 14: 9–17
Sangaiah A K, Samuel O W, Li X, Abdel-Basset M, Wang H. Towards an efficient risk assessment in software projects-Fuzzy reinforcement paradigm. Computers & Electrical Engineering, 2018, 71: 833–846
Panchal D, Singh A K, Chatterjee P, Zavadskas E K, Keshavarz-Ghorabaee M. A new fuzzy methodology-based structured framework for RAM and risk analysis. Applied Soft Computing, 2019, 74: 242–254
Schmitz C, Pape S. LiSRA: Lightweight Security Risk Assessment for decision support in information security. Computers & Security, 2020, 90: 101656
Lamine E, Thabet R, Sienou A, Bork D, Fontanili F, Pingaud H. BPRIM: an integrated framework for business process management and risk management. Computers in Industry, 2020, 117: 103199
Feng N, Li M. An information systems security risk assessment model under uncertain environment. Applied Soft Computing, 2011, 11(7): 4332–4340
Ou Yang Y P, Shieh H M, Tzeng G H. A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 2013, 232: 482–500
Feng N, Wang H J, Li M. A security risk analysis model for information systems: causal relationships of risk factors and vulnerability propagation analysis. Information Sciences, 2014, 256: 57–73
Wang L, Wang B, Peng Y. Research the information security risk assessment technique based on Bayesian network. In: Proceedings of the 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE). 2010
Webb J, Ahmad A, Maynard S B, Shanks G. A situation awareness model for information security risk management. Computers & Security, 2014, 44: 1–15
Tubío Figueira P, López Bravo C, Rivas López J L. Improving information security risk analysis by including threat-occurrence predictive models. Computers & Security, 2020, 88: 101609
Khan F, Kim J H, Mathiassen L, Moore R. Data breach management: an integrated risk model. Information & Management, 2021, 58(1): 103392
Schmidt A, Albert L A, Zheng K. Risk management for cyber-infrastructure protection: a bi-objective integer programming approach. Reliability Engineering & System Safety, 2021, 205: 107093
Cherdantseva Y, Burnap P, Nadjm-Tehrani S, Jones K. A configurable dependency model of a SCADA system for goal-oriented risk assessment. Applied Sciences, 2022, 12(10): 4880
Vicente E, Mateos A, Jiménez-Martín A. Risk analysis in information systems: a fuzzification of the MAGERIT methodology. Knowledge-Based Systems, 2014, 66: 1–12
Mandal S, Maiti J. Risk analysis using FMEA: fuzzy similarity value and possibility theory based approach. Expert Systems with Applications, 2014, 41(7): 3527–3537
van Staalduinen M A, Khan F, Gadag V, Reniers G. Functional quantitative security risk analysis (QSRA) to assist in protecting critical process infrastructure. Reliability Engineering & System Safety, 2017, 157: 23–34
Abdo H, Kaouk M, Flaus J M, Masse F. A safety/security risk analysis approach of Industrial Control Systems: a Cyber Bowtie–combining new version of attack tree with bowtie analysis. Computers & Security, 2018, 72: 175–195
Sicari S, Rizzardi A, Miorandi D, Coen-Porisini A. A risk assessment methodology for the Internet of Things. Computer Communications, 2018, 129: 67–79
Armenia S, Angelini M, Nonino F, Palombi G, Schlitzer M F. A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decision Support Systems, 2021, 147: 113580
Bozkuş E, Kaya İ, Yakut M. A fuzzy based model proposal on risk analysis for human-robot interactive systems. In: Proceedings of 2022 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA). 2022, 1–6
Sato H. A new formula of security risk analysis that takes risk improvement factor into account. In: Proceedings of the IEEE Third International Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on Social Computing. 2011, 1243–1248
Munodawafa F, Awad A I. Security risk assessment within hybrid data centers: a case study of delay sensitive applications. Journal of Information Security and Applications, 2018, 43: 61–72
Scala N M, Reilly A C, Goethals P L, Cukier M. Risk and the five hard problems of Cybersecurity. Risk Analysis, 2019, 39(10): 2119–2126
Li Q, Lv P, Wang M, Zhang Z, Wang S, Fang P, Gao L. A risk assessment method of smart grid in cloud computing environment based on game theory. In: Proceedings of the 5th IEEE International Conference on Cloud Computing and Big Data Analytics (ICCCBDA). 2020, 67–72
Malik V, Singh S. Intelligent strategies for cloud computing risk management and testing. In: Proceedings of ICMDE 2020 Computational Methods and Data Engineering. 2020, 101–114
Volkov A I, Semin V G, Khakimullin E R. Modeling the structures of threats to information security risks based on a fuzzy approach. In: Proceedings of 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). 2020, 132–135
Petrescu A G, Postole M A, Ciobanasu M. The international experience in security risk analysis methods. In: Oncioiu I, ed. Network Security and its Impact on Business Strategy. Hershey, PA, USA: IGI Global, 2019, 157–169
Khosravi-Farmad M, Ghaemi-Bafghi A. Bayesian decision network-based security risk management framework. Journal of Network and Systems Management, 2020, 28(4): 1794–1819
Genchev P. An approach to support information security risk assessment. In: Proceedings of 2020 International Conference on Biomedical Innovations and Applications (BIA). 2020, 125–128
Burnap P, Cherdantseva Y, Blyth A, Eden P, Jones K, Soulsby H, Stoddart K. Determining and sharing risk data in distributed interdependent systems. Computer, 2017, 50(4): 72–79
Tagarev T. Towards the design of a collaborative cybersecurity networked organisation: identification and prioritisation of governance needs and objectives. Future Internet, 2020, 12(4): 62
Kuzminykh I, Ghita B, Sokolov V, Bakhshi T. Information security risk assessment. Encyclopedia, 2021, 1(3): 602–617
Lee I. Cybersecurity: risk management framework and investment cost analysis. Business Horizons, 2021, 64(5): 659–671
Arafah M, Bakry S H, Al-Dayel R, Faheem O. Exploring cybersecurity metrics for strategic units: a generic framework for future work. In: Proceedings of 2019 Future of Information and Communication Conference on Information and Communication. 2020, 881–891
Kotenko I, Doynikova E, Chechulin A, Fedorchenko A. AI- and metrics-based vulnerability-centric cyber security assessment and countermeasure selection. In: Parkinson S, Crampton A, Hill R, eds. Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach. Cham: Springer International Publishing, 2018, 101–130
Piromsopa K, Klima T, Pavlik L. Designing model for calculating the amount of cyber risk insurance. In: Proceedings of the 4th International Conference on Mathematics and Computers in Sciences and in Industry (MCSI). 2017, 196–200
Stergiopoulos G, Gritzalis D, Kouktzoglou V. Using formal distributions for threat likelihood estimation in cloud-enabled IT risk assessment. Computer Networks, 2018, 134: 23–45
Abbass W, Baina A, Bellafkih M. Using EBIOS for risk management in critical information infrastructure. In: Proceedings of the 5th World Congress on Information and Communication Technologies (WICT). 2015, 107–112
Oppliger R, Pernul G, Katsikas S. New frontiers: assessing and managing security risks. Computer, 2017, 50(4): 48–51
Garcia-Porras C, Huamani-Pastor S, Armas-Aguirre J. Information security risk management model for Peruvian SMEs. In: Proceedings of 2018 IEEE Sciences and Humanities International Research Conference (SHIRCON). 2018, 1–5
Wagner P, Hansch G, Konrad C, John K H, Bauer J, Franke J. Applicability of security standards for operational technology by SMEs and large enterprises. In: Proceedings of the 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA). 2020, 1544–1551
Skrodelis H K, Strebko J, Romanovs A. The information system security governance tasks in small and medium enterprises. In: Proceedings of the 61st International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS). 2020, 1–4
Antunes M, Maximiano M, Gomes R, Pinto D. Information security and cybersecurity management: a case study with SMEs in Portugal. Journal of Cybersecurity and Privacy, 2021, 1(2): 219–238
Gill A K, Zavarsky P, Swar B. Automation of security and privacy controls for efficient information security management. In: Proceedings of the 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC). 2021, 371–375
Acknowledgements
This work has been developed within the AETHER-UCLM (PID2020-112540RB-C42) funded by MCIN/AEI/10.13039/501100011033, Spain, ALBA-UCLM (TED2021-130355B-C31, id.4809130355-130355-28-521) and ALBA-UC (TED2021-130355B- C33, id.3611130630-130630-28-521) funded by the “Ministerio de Ciencia e Innovacion”, Spain, and supported by the European Union’s Horizon 2020 Project “CyberSANE” under Grant Agreement No. 833683. We are grateful to the following companies for their support: Sicaman Nuevas Tecnologías S.L. and Marisma Shield S.L., since they have facilitated the validation of case studies and the use of the eMARISMA tool.
Funding
Funding note Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature
Author information
Authors and Affiliations
Corresponding author
Additional information
Antonio Santos-Olmo holds a PhD in Computer Science from the University of Castilla-La Mancha, Spain and an MSc in Information Systems Audit from the Polytechnic University of Madrid, Spain. He is also an ISACA Certified Information System Auditor. He is an Assistant Professor at the Escuela Superior de Informática of the University of Castilla-La Mancha in Ciudad Real, Spain. His research activities are management security system, security metrics, data mining, data cleaning, and business intelligence. He is a member of the GSyA research group at the University of Castilla-La Mancha.
Luis Enrique Sánchez holds a PhD in Computer Science from the University of Castilla-La Mancha, Spain, and an MSc in Computer Information Systems Audit from the Polytechnic University of Madrid, Spain. He is an Associate Professor at the Escuela Superior de Informática of the University of Castilla-La Mancha in Ciudad Real, Spain. His research lines are focused on cybersecurity and risk assessment and management. He is a member of the GSyA research group at the University of Castilla-La Mancha.
David G. Rosado has an MSc and a PhD in Computer Science from the University of Málaga, Spain and from the University of Castilla-La Mancha, Spain, respectively. He is an Associate Professor at the Escuela Superior de Informática of Castilla-La Mancha University in Ciudad Real, Spain. His research activities are focused on security for Information Systems and Cloud Computing. He is a member of the GSyA research group at the University of Castilla-La Mancha.
Manuel A. Serrano holds an MSc and a PhD in Computer Science from the University of Castilla-La Mancha, Spain. He is an Associate Professor at the Escuela Superior de Informática of Castilla-La Mancha University in Ciudad Real, Spain. His research interests are cybersecurity (especially in Big Data and IoT), data quality, software quality and measurement and business intelligence. He is member of the Alarcos Research Group at the University of Castilla-La Mancha. His e-mail address is manuel.serrano@uclm.es.
Carlos Blanco holds a PhD in Computer Science from the University of Castilla-La Mancha, Spain. He is an Associate Professor at the University of Cantabria, Spain and is a member of several research groups: GSyA (University of Castilla-La Mancha) and ISTR (University of Cantabria), Spain. His research lines are Security for Information Systems but focused on Big Data, Data Warehouses and OLAP systems by using MDE approaches.
Haralambos Mouratidis is Director of the Institute for Analytics and Data Science (IADS) and a Professor at the School of Computer Science and Electronic Engineering, University of Essex, UK. He holds a BEng (Hons) from the University of Wales, Swansea, UK, and an MSc and a PhD from the University of Sheffield, UK. He is also a Fellow of the Higher Education Academy (HEA) and a Professional Member of the British Computer Society (BCS). His research interests lie in the area of secure software systems engineering, requirements engineering, and information systems development.
Eduardo Fernández-Medina holds a PhD in Computer Science from the University of Castilla-La Mancha, Spain. He is a Full Professor at the Escuela Superior de Informática of the University of Castilla-La Mancha in Ciudad Real, Spain. His research activity deals with security in information systems, and particularly in security in big data, Cloud Computing and CPS. He leads the GSyA research group at the University of Castilla-La Mancha.
Electronic Supplementary Material
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.
The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
To view a copy of this licence, visit creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Santos-Olmo, A., Sánchez, L.E., Rosado, D.G. et al. Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals. Front. Comput. Sci. 18, 183808 (2024). https://doi.org/10.1007/s11704-023-1582-6
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11704-023-1582-6