Vulnerabilities and threats in information assets
a systematic review
DOI: https://doi.org/10.51252/rcsi.v3i1.461
Keywords: information assets, threats, cryptography, information security, vulnerabilities
Abstract
With the advancement of time and technology, security that was previously assured has been affected by multiple attacks. These attacks were, in a certain sense, thought to be minor, but nowadays it is necessary for data to be controlled. Information assets are exposed to vulnerabilities and threats, and defending them raises the question behind this systematic review: Is it important to identify vulnerabilities and threats in information assets? Our research objective is therefore to locate the vulnerabilities and threats that affect information assets, along with solutions. The search was carried out by reviewing articles published between 2017 and 2022 in bibliographic databases such as Scopus, Scielo, IEEE Xplore, IOPScience, ScienceDirect, ResearchGate, World Wide Science, Dialnet, Semantic Scholar and Google Academy. The result is a set of vulnerabilities together with their threats, highlighting malware as the main threat to the asset, and cryptography solutions that seek to improve information security.
License
Copyright (c) 2023 Evellyn Milles Duval Guevara-Vega, Jose Ricardo Delgado-Deza, Alberto Carlos Mendoza-de-los-Santos
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors retain their rights:
a. The authors retain their trademark and patent rights, as well as any process or procedure described in the article.
b. The authors retain the right to share, copy, distribute, execute and publicly communicate the article published in the Revista Científica de Sistemas e Informática (RCSI) (for example, place it in an institutional repository or publish it in a book), with an acknowledgment of its initial publication in the RCSI.
c. Authors retain the right to make a subsequent publication of their work, to use the article or any part of it (for example: a compilation of their works, notes for conferences, thesis, or for a book), provided that they indicate the source of publication (authors of the work, journal, volume, number and date).