Skip navigation
Use este identificador para citar ou linkar para este item: http://repositorio.unb.br/handle/10482/43687
Arquivos associados a este item:
Arquivo Descrição TamanhoFormato 
ARTIGO_EvaluatingPerformanceNISTs.pdf6,87 MBAdobe PDFVisualizar/Abrir
Registro completo de metadados
Campo DCValorIdioma
dc.contributor.authorMoreira, Fernando Rocha-
dc.contributor.authorSilva Filho, Demétrio Antônio da-
dc.contributor.authorAmvame-Nze, Georges Daniel-
dc.contributor.authorSousa Júnior, Rafael Timóteo de-
dc.contributor.authorNunes, Rafael Rabelo-
dc.date.accessioned2022-05-12T15:06:56Z-
dc.date.available2022-05-12T15:06:56Z-
dc.date.issued2021-09-21-
dc.identifier.citationMOREIRA, Fernando Rocha et al. Evaluating the performance of NIST’s framework cybersecurity controls through a constructivist multicriteria methodology. IEEE Access, v. 9, p. 129605-129618, 2021. DOI: 10.1109/ACCESS.2021.3113178. Disponível em: https://ieeexplore.ieee.org/document/9540950. Acesso em: 12 maio 2022.pt_BR
dc.identifier.urihttps://repositorio.unb.br/handle/10482/43687-
dc.language.isoInglêspt_BR
dc.publisherIEEEpt_BR
dc.rightsAcesso Abertopt_BR
dc.titleEvaluating the performance of NIST’s framework cybersecurity controls through a constructivist multicriteria methodologypt_BR
dc.typeArtigopt_BR
dc.subject.keywordSegurança de dadospt_BR
dc.subject.keywordGestão de riscospt_BR
dc.subject.keywordProcesso decisóriopt_BR
dc.subject.keywordSegurança da informaçãopt_BR
dc.rights.licenseThis work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/pt_BR
dc.identifier.doi10.1109/ACCESS.2021.3113178pt_BR
dc.description.abstract1This paper aims to show how creating a risk plan can be solved with the help of the constructivist multicriteria method. A case study using Multicriteria Decision Aid Constructivist (MCDA-C) was applied, with cybersecurity framework’s controls as a reference. The study was conducted in a large Brazilian bank in Brazil. The relevance of this work is the need to show that the application of multicriteria methods can be applied in the context of information security, which recommends the use of such methods to assist in risk analysis. The methodology used in this study was both quantitative and qualitative, obtaining primary data through brainstorming with decision-makers and forms answered by experts. The secondary data were obtained through the Framework for Improving Critical Infrastructure Cybersecurity, created by NIST - the National Institute of Standards and Technology of the United States. The problem was structured according to the constructivist method, and the data collected were processed and calculated. The study concluded that the category of Security Continuous Monitoring controls stood out compared to other categories. It also shows the importance of applying the constructivist method for the management of cyber risks by unravelling a problem and providing a basis for decision making. Our work contributes to a better understanding of risk management, encouraging the adoption of the constructivist method as a form of risk management best practice.pt_BR
dc.identifier.orcidhttps://orcid.org/ 0000-0003-3100-7128pt_BR
dc.identifier.orcidhttps://orcid.org/ 0000-0002-7103-4780pt_BR
dc.identifier.orcidhttps://orcid.org/ 0000-0001-5271-5540pt_BR
dc.identifier.orcidhttps://orcid.org/ 0000-0003-1101-3029pt_BR
dc.identifier.orcidhttps://orcid.org/ 0000-0002-1538-4276pt_BR
Aparece nas coleções:Artigos publicados em periódicos e afins

Mostrar registro simples do item Visualizar estatísticas



Os itens no repositório estão protegidos por copyright, com todos os direitos reservados, salvo quando é indicado o contrário.