Vulnerabilities and threats in information assets
a systematic review
DOI:
https://doi.org/10.51252/rcsi.v3i1.461Keywords:
information assets, threats, cryptography, information security, vulnerabilitiesAbstract
With the advancement of time and technology, the security that was previously protected has been affected by multiple attacks, which in a certain sense were thought to be minor but, nowadays, it is necessary for the data to be controlled. These assets will be implicated by vulnerabilities and threats, which in order to defend themselves will require the question of this systematic review: Is it important to identify vulnerabilities and threats in information assets? Therefore, our research objective is to locate those vulnerabilities and threats that affect information assets along with solutions. This search was achieved thanks to the reviews of articles published in bibliographic databases such as: Scopus, Scielo, IEEE Xplore, IOPScience, ScienceDirect, ResearchGate, World Wide Science, Dialnet, Semantic Scholar and Google Academy between the years 2017 to 2022. As a result, those vulnerabilities will be obtained along with their threats, highlighting malware as the main threat to the asset and cryptography solutions that will seek to improve information security.
Downloads
References
Abunadi, I., & Kumar, R. L. (2021). Blockchain and Business Process Management in Health Care, Especially for COVID-19 Cases. Security and Communication Networks, 2021, 1–16. https://doi.org/10.1155/2021/2245808
Alonge, C. Y., Arogundade, O. T., Adesemowo, K., Ibrahalu, F. T., Adeniran, O. J., & Mustapha, A. M. (2020). Information Asset Classification and Labelling Model Using Fuzzy Approach for Effective Security Risk Assessment. 2020 International Conference in Mathematics, Computer Engineering and Computer Science (ICMCECS), 1–7. https://doi.org/10.1109/ICMCECS47690.2020.240911
Angraini, Megawati, & Haris, L. (2018). Risk Assessment on Information Asset an academic Application Using ISO 27001. 2018 6th International Conference on Cyber and IT Service Management (CITSM), 1–4. https://doi.org/10.1109/CITSM.2018.8674294
Asgarkhani, M., Correia, E., & Sarkar, A. (2017). An overview of information security governance. 2017 International Conference on Algorithms, Methodology, Models and Applications in Emerging Technologies (ICAMMAET), 1–4. https://doi.org/10.1109/ICAMMAET.2017.8186666
Bélen Gallego, A., & Palomo Zurdo, R. J. (2020). Blockchain: un reto del siglo XXI para la Economía Social. XVIII Congreso Internacional de Investigadores en Economía Social y Cooperativa. http://ciriec.es/wp-content/uploads/2020/09/COMUN-046-T11-GALLEGO-PALOMO-ok.pdf
Benishti, E. (2020). 50,000+ Fake Login Pages Spoofing Over 200 Brands Worldwide. IronScale Safer Together. https://ironscales.com/blog/fake-login-pages-spoof-prominent-brands-phishing-attacks/
Erb, M. (2014). Gestión de Riesgo. https://protejete.wordpress.com/gdr_principal/
Estrada-Esponda, R. D., Unás-Gómez, J. L., & Flórez-Rincón, O. E. (2021). Prácticas de seguridad de la información en tiempos de pandemia. Caso Universidad del Valle, sede Tuluá. Revista Logos, Ciencia & Tecnología, 13(3). https://doi.org/10.22335/rlct.v13i3.1446
Evans, N., & Price, J. (2020). Development of a holistic model for the management of an enterprise’s information assets. International Journal of Information Management, 54, 102193. https://doi.org/10.1016/j.ijinfomgt.2020.102193
Faruki, P., Bharmal, A., Laxmi, V., Ganmoor, V., Gaur, M. S., Conti, M., & Rajarajan, M. (2015). Android Security: A Survey of Issues, Malware Penetration, and Defenses. IEEE Communications Surveys & Tutorials, 17(2), 998–1022. https://doi.org/10.1109/COMST.2014.2386139
Firdaus, N., & Suprapto, S. (2017). Evaluasi Manajemen Risiko Teknologi Informasi Menggunakan COBIT 5 IT Risk (Studi Kasus : PT. Petrokimia Gresik). Jurnal Pengembangan Teknologi Informasi Dan Ilmu Komputer, 2(1), 91–100. https://j-ptiik.ub.ac.id/index.php/j-ptiik/article/view/702
Goodin, D. (2009). Pro-Palestine vandals deface Army, NATO sites. The Register. https://www.theregister.com/2009/01/10/army_nato_sites_defaced/
Guerra, E., Neira, H., Díaz, J. L., & Patiño, J. (2021). Desarrollo de un sistema de gestión para la seguridad de la información basado en metodología de identificación y análisis de riesgo en bibliotecas universitarias. Información Tecnológica, 32(5), 145–156. https://doi.org/10.4067/S0718-07642021000500145
Irwin, L. (2021). What is a DoS (denial-of-service) attack? IT Governance UK. https://www.itgovernance.co.uk/blog/what-is-a-dos-denial-of-service-attack
Kativu, K. T., & Pottas, D. (2019). Leveraging intrinsic resources for the protection of health information assets. South African Computer Journal, 31(2). https://doi.org/10.18489/sacj.v31i2.536
Kitsios, F., Chatzidimitriou, E., & Kamariotou, M. (2022). Developing a Risk Analysis Strategy Framework for Impact Assessment in Information Security Management Systems: A Case Study in IT Consulting Industry. Sustainability, 14(3), 1269. https://doi.org/10.3390/su14031269
Li, Y., Liu, R., Liu, X., Li, H., & Sun, Q. (2021). Research on Information Security Risk Analysis and Prevention Technology of Network Communication Based on Cloud Computing Algorithm. Journal of Physics: Conference Series, 1982(1), 012129. https://doi.org/10.1088/1742-6596/1982/1/012129
Maiorano, A. (2009). Criptografía - Técnicas de desarrollo para profesionales (1st ed.). Alfaomega México.
Maquera Quispe, H. G., & Serpa Guillermo, P. N. (2019). Gestión de activos basado en ISO/IEC 27002 para garantizar seguridad de la información. Ciencia & Desarrollo, 21, 100–112. https://doi.org/10.33326/26176033.2017.21.736
Nikita, & Kaur, R. (2014). A Survey on Secret Key Encryption Technique. International Journal of Research in Engineering & Technology, 2(5), 7–14. https://www.impactjournals.us/index.php/archives?jname=77_2&year=2014&submit=Search&page=6
Prajanti, A. D., & Ramli, K. (2019). A Proposed Framework for Ranking Critical Information Assets in Information Security Risk Assessment Using the OCTAVE Allegro Method with Decision Support System Methods. 2019 34th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC), 1–4. https://doi.org/10.1109/ITC-CSCC.2019.8793421
Puig Pascual, A. (2018). Experiencias. Identidad digital sobre «Blockchain» a nivel nacional. Revista Icade. Revista de Las Facultades de Derecho y Ciencias Económicas y Empresariales, 101. https://doi.org/10.14422/icade.i101.y2017.006
Rieck, K., Holz, T., Willems, C., Düssel, P., & Laskov, P. (2008). Learning and Classification of Malware Behavior. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 108–125). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-540-70542-0_6
Roa Buendía, J. F., & Sanz, F. J. (2013). Seguridad informática (2nd ed.). McGraw-Hill.
Sánchez-Bautista, G., & Ramírez-Chávez, L. (2022). Amenazas de seguridad a considerar en el desarrollo de software. XIKUA Boletín Científico de La Escuela Superior de Tlahuelilpan, 10(19), 31–37. https://doi.org/10.29057/xikua.v10i19.8118
Sohrabi Safa, N., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70–82. https://doi.org/10.1016/j.cose.2015.10.006
Solís, F., Pinto, D., & Solís, S. (2017). Seguridad de la información en el intercambio de datos entre dispositivos móviles con sistema Android utilizando el método de encriptación RSA. Enfoque UTE, 8(1), 160–171. https://doi.org/10.29019/enfoqueute.v8n1.123
Triana, Y. S., & Pangabean, R. A. M. (2021). Risk Analysis in the Application of Financore Information Systems Using FMEA Method. Journal of Physics: Conference Series, 1751(1), 012032. https://doi.org/10.1088/1742-6596/1751/1/012032
Urrútia, G., & Bonfill, X. (2010). Declaración PRISMA: una propuesta para mejorar la publicación de revisiones sistemáticas y metaanálisis. Medicina Clínica, 135(11), 507–511. https://doi.org/10.1016/j.medcli.2010.01.015
Velasco Sánchez, P. M., Jiménez Jim´énez, M. S., & Chafla Altamirano, G. X. (2017). Análisis de los mecanismos de encriptación para la seguridad de la información en redes de comunicaciones. SATHIRI, 12(1), 91. https://doi.org/10.32645/13906925.38
Velepucha Sánchez, M. A., Morales Carrillo, J., & Pazmiño Campuzano, M. F. (2022). Análisis y evaluación de riesgos aplicados a la seguridad de la información bajo la norma ISO. Informática y Sistemas: Revista de Tecnologías de La Informática y Las Comunicaciones, 6(1), 63–78. https://doi.org/10.33936/isrtic.v6i1.4473
Yupanqui, J. R. A., & Oré, S. B. (2017). Políticas de Seguridad de la Información: Revisión Sistemática de las Teorías que Explican su Cumplimiento. RISTI - Revista Ibérica de Sistemas e Tecnologias de Informação, 25, 112–134. https://doi.org/10.17013/risti.25.112-134
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Evellyn Milles Duval Guevara-Vega, Jose Ricardo Delgado-Deza, Alberto Carlos Mendoza-de-los-Santos
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors retain their rights:
a. The authors retain their trademark and patent rights, as well as any process or procedure described in the article.
b. The authors retain the right to share, copy, distribute, execute and publicly communicate the article published in the Revista Científica de Sistemas e Informática (RCSI) (for example, place it in an institutional repository or publish it in a book), with an acknowledgment of its initial publication in the RCSI.
c. Authors retain the right to make a subsequent publication of their work, to use the article or any part of it (for example: a compilation of their works, notes for conferences, thesis, or for a book), provided that they indicate the source of publication (authors of the work, journal, volume, number and date).
