{"id":360,"date":"2022-03-04T08:23:38","date_gmt":"2022-03-04T11:23:38","guid":{"rendered":"http:\/\/rafaelrabelo1.hospedagemdesites.ws\/?p=360"},"modified":"2024-09-30T14:52:36","modified_gmt":"2024-09-30T17:52:36","slug":"artigo-evaluating-the-performance-of-nists-framework-cybersecurity-controls-through-a-constructivist-multicriteria-methodology","status":"publish","type":"post","link":"https:\/\/rafael.rabelo.org\/?p=360","title":{"rendered":"[Article] Evaluating the Performance of NIST&#8217;s Framework Cybersecurity Controls Through a Constructivist Multicriteria Methodology"},"content":{"rendered":"<p>The student Fernando Rocha Moreira recently published an article on how to use multicriteria decision methods to evaluate and prioritize the controls that mitigate cybersecurity risks.<\/p>\n<p>The article was published in the journal IEEE Access.<\/p>\n<p>Summary:<br \/>\nThis paper aims to show how creating a risk plan can be solved with the help of the constructivist multicriteria method. A case study using the Multicriteria Decision Aid Constructivist (MCDA-C) method was applied, with the cybersecurity framework\u2019s controls as a reference. The study was conducted in a large Brazilian bank in Brazil. The relevance of this work is the need to show that multicriteria methods can be applied in the context of information security, which recommends the use of such methods to assist in risk analysis. The methodology used in this study was both quantitative and qualitative, obtaining primary data through brainstorming with decision-makers and forms answered by experts. 
The secondary data were obtained through the Framework for Improving Critical Infrastructure Cybersecurity, created by NIST &#8211; the National Institute of Standards and Technology of the United States. The problem was structured according to the constructivist method, and the data collected were processed and calculated. The study concluded that the category of Security Continuous Monitoring controls stood out compared to other categories. It also shows the importance of applying the constructivist method for the management of cyber risks by unravelling a problem and providing a basis for decision making. Our work contributes to a better understanding of risk management, encouraging the adoption of the constructivist method as a form of risk management best practice.<\/p>\n<p>Abstract:<br \/>\nThis paper aims to show how creating a risk plan can be solved with the help of the constructivist multicriteria method. A case study using Multicriteria Decision Aid Constructivist (MCDA-C) was applied, with cybersecurity framework\u2019s controls as a reference. The study was conducted in a large Brazilian bank in Brazil. The relevance of this work is the need to show that the application of multicriteria methods can be applied in the context of information security, which recommends the use of such methods to assist in risk analysis. The methodology used in this study was both quantitative and qualitative, obtaining primary data through brainstorming with decision-makers and forms answered by experts. The secondary data were obtained through the Framework for Improving Critical Infrastructure Cybersecurity, created by NIST &#8211; the National Institute of Standards and Technology of the United States. The problem was structured according to the constructivist method, and the data collected were processed and calculated. 
The study concluded that the category of Security Continuous Monitoring controls stood out compared to other categories. It also shows the importance of applying the constructivist method for the management of cyber risks by unravelling a problem and providing a basis for decision making. Our work contributes to a better understanding of risk management, encouraging the adoption of the constructivist method as a form of risk management best practice.<\/p>\n<p>Link to the article:\u00a0<a href=\"http:\/\/dx.doi.org\/10.1109\/access.2021.3113178\">http:\/\/dx.doi.org\/10.1109\/access.2021.3113178<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The student Fernando Rocha Moreira recently published an article on how to use multicriteria decision methods to evaluate and prioritize the controls that mitigate cybersecurity risks. The article was published in the journal IEEE Access. &hellip; <a href=\"https:\/\/rafael.rabelo.org\/?p=360\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":510,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[3,34,57,36],"class_list":["post-360","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pesquisa","tag-gestao-de-riscos","tag-mymcda-c","tag-nist-csf","tag-seguranca-da-informacao"],"_links":{"self":[{"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=\/wp\/v2\/posts\/360","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=360"}],"version-history":[{"count":2,"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=\/wp\/v2\/posts\/360\/revisions"}],"predecessor-version":[{"id":362,"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=\/wp\/v2\/posts\/360\/revisions\/362"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=\/wp\/v2\/media\/510"}],"wp:attachment":[{"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=360"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=360"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rafael.rabelo.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=360"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}