Metodologias de gestão e prevenção de riscos: uma comparação
DOI:
https://doi.org/10.18046/syt.v14i36.2214Palavras-chave:
Análise, gestão, metodologias, prevenção, riscos.Resumo
Este artigo analisa nove metodologias de gestão e prevenção de riscos, comparando as suas fases e avalia-se se devem ou não considerar o fator humano na análise e tratamento de riscos (observa-se que menos de metade delas, isto é 42,85% consideram esse fator). As investigadoras concluem que a metodologia de gestão de riscos do Instituto Nacional de Estándares e Tecnologia é a mais completa, embora fosse conveniente se focar mais no factor humano, como o faz a metodologia para o diagnóstico, prevenção e controle da corrupção em programas de segurança cidadã do Banco Interamericano de Desenvolvimento.
Referências
AS/NZS 4360:1999 -Estándar Australiano, Administración de Riesgos. (1999). Retrieved form: http://www.bcu.gub.uy/Acerca-de-BCU/Concursos/Est%C3%A1ndar%20Australiano_Adm_Riesgos.pdf
Bandyopadhyay, K., Mykytyn, P. P., & Mykytyn, K. (1999). A framework for integrated risk management in information technology. Management Decision, 37(5), 437- 444.
Boge, K. (2001). A platform for risk analysis of security critical systems (CORAS. IST-2000-25031). Oslo, Norway: Norsk_Regnesentral.
Brantingham, P. J. & Faust, F. L. (1976). A conceptual model of crime prevention. Crime and Delinquency, 22(3), 284-296.
British Standards Institution [BSI]. (1991). Quality vocabulary (No. BS4778 [Part 3 Section 3.2 = IEC 1990 50(191)]). London, UK: BSI.
British Standards Institution [BSI]. (1999). BS7799-2. Information security management -part 2: specification for information security management systems. London, UK: BSI.
Campos, E. & Pradhan, S. (2007). The many faces of the corruption: tracking vulnerabilities at the sector level. Washington DC: World Bank.
Carnegie Corporation. (1957). Carnegie Commission on Preventing Deadly Conflict. Final report with executive summary. New York, NY: Carnegie Corporation.
Concha-EastMan, A. (2004). Violencia urbana en América Latina y el Caribe: dimensiones, explicaciones, acciones. In S. Rotker (Ed.), Ciudadanías del miedo (pp. 39-53.). Caracas, Venezuela: Rutgers.
Consejo Superior de Administración Electrónica (2012). MAGERIT versión 3. Metodología de análisis y gestión de riesgos de los sistemas de información.. Madrid, España: Ministerio de Hacienda y Administraciones Públicas.
Díaz-Aguado, M. J., Martínez-Arias, R., & Martín-Seoane, G. (2004). Prevención de la violencia y lucha contra la exclusión desde la adolescencia. In Volumen uno: La violencia entre Iguales en la escuela y en el ocio. estudios comparativos e instrumentos de valuación. Madrid, España: Instituto de la Juventud.
Douglas, M. (1990). Risk as a forensic resource. Daedalus, 119(4). Retrieved from: http://www.jstor.org/stable/20025335
Ekblom, P. (2003). The conjunction of criminal opportunity: a framework for crime reduction. London, UK: Home Office Crime and Policing Group.
Frosdick, S. (1997). The techniques of risk analysis are insufficient in themselves. Disaster Prevention and Management, 6(3), 165-177.
García-Mejía, M. (2010). Metodología para el diagnóstico, prevención y control de la corrupción en programas de seguridad ciudadana (No. Documento de Debate #IDB-DP-117). Washington, DC: Banco Interamericano de Desarrollo (BID).
García-Ospina, C. & Tobón-Correa, O. (2000). Promoción de la salud, prevención de la enfermedad, atención primaria en salud y plan de atención básica. ¿Qué los acerca? ¿Qué los separa? Hacia Promoción de la Salud, 5, 7-21.
Gerber, M., & Von Solms, R. (2005). Management of risk in the information age. Computer & Security, 24, 16-30.
Graham, J., & Bennett, T. (1995). Crime prevention strategies in Europe and North America (Vol. 28). Helsinki-New York: European Institute for Crime Prevention and Control.
Hayden, C., & Blaya, C. (2001). Violence et comportements agressifs dans les écoles anglaises. In E. Debarbieux & C. Blaya (Eds.), La violence en millieu scolaire-3- dix approaches en Europe (pp. 43-70.). Paris, France: ESF.
Huerta, A. (2012, April 2). Introducción al análisis de riesgos - metodologías (II) [blog security artwork]. Retrieved from: http://www.securityartwork.es/2012/04/02/introduccion-al-analisis-de-riesgos-%E2%80%93-metodologias-ii/
ISO/IEC_TR_13335-1. (1996). Information technology - guidelines for the management of it security - part 1: concepts and models for it security (1st ed.). Geneva, Switzerland: ISO/IEC.
Kailay, M. P., & Jarratt, P. (1995). RAMeX: a prototype expert system for computer security analysis and management. Computers and Security, 14, 449-463.
Khan-Pathan, A.S. (2010). The state of the art in intrusion prevention and detection. Kuala Lumpur, Malaysia: CRC.
Kirkwood, A. S. (1994). Why do we worry when scientists say there is no risk? Disaster Prevention and Management, 3(2), 15- 22.
Knepper, P. (2007). Criminology and social policy. London, UK: Sage.
Martínez, F., & Ruiz, J. (2001). Manual de gestión de riesgos sanitarios: Madrid, Spain: Diaz De Santos.
Mell, P., Kent, K., & Nusbaum, J. (2005). Guide to malware incident prevention and handling. Gaithersburg, MD: NIST.
Moses, R. H. (1992). Risk analysis and management. In K. M. Jackson & J. Hruska (Eds.), Computer security reference book. Oxford, UK: Butterworth-Heinemann.
National Institute of Standards and Technology [NIST]. (1995). An introduction to computer security. Washington DC: US Department of Commerce.
National Institute of Standards and Technology [NIST]. (2001). Risk management guide for information technology systems. Washington DC: US Department of Commerce.
NTC-ISO/IEC 27005: Tecnología de la información. Técnicas de seguridad. Gestión del riesgo en la seguridad de la Información. Bogotá, Colombia: ICONTEC.
Owens, S. (1998). Information security management: an introduction. London, UK: British Standards Institution.
Peyre, V. (1986). Introduction: elements d'un debat sur la prévention de la delinquance. Annales de Vaucresson, 1(24), 9-13.
Piper, S. (2011). Intrusion detection systems for dummies. Hoboken, NJ: Wiley.
Project Management Institute [PMI]. (2008). A guide to the project management body of knowledge (PMBOK Guide) (4ta ed.). Newtown Square, PA: PMI.
Qasem, M. (2013). Information technology risk assessment methodologies: current status and future directions. International Journal of Scientific & Engineering Research, 4(12), 966-972.
Ragmognino, N., FradJi, D., Soldini, F., & Vergés, P. (1997). L’École comme dispositive simbolique et les violences: le example de trois ecoles em Marseille. In B. Charlot & J. C. Émin (Eds.), Violences à l’école - État des Savoirs. Paris, France: Masson & Armand Colin.
Royal Society. (1992). Risk: analysis, perception and management. London, UK: The Royal Society.
Sánchez-Peña, M., Sánchez-Delgado, K., Agudelo-Ramírez, A. (2015). Estrategias lúdicas para aumentar el conocimiento de un grupo de adolescentes escolarizados sobre la gingivitis. Duazary, 12(2), 100-111.
Savona, E. U. (2004). Ipotesi per uno scenario della prevenzione. In R. Selmini (Ed.), (a cura di) la sicurezza urbana, (pp. 273-284). Bologna, Italy: Il Mulino.
Sigerist, H. (1951). A history of medicine: primitive and archaic medicine. New York, NY: Oxford University Press.
Strutt, J. (1993). Risk assessment and management: the engineering approach. Cranfield, UK: Cranfield University.
Tonry, M. & Farrington, D. (1995). Strategic approach to crime prevention. Crime and Justice, 19, 1-20. Retrieved from: http://www.jstor.org/stable/1147594
Vargas, I., Villegas, O., Sánchez, A., & Holthuis, K. (2003). Promoción, prevención y educación para la salud. San José, Costa Rica: EDNASSS. Available at: http://www.cendeisss.sa.cr/posgrados/modulos/Modulo2/Modulo_2.pdf
Walgrave, L., & De Cauter, F. (1986). Une tentative de clarification de la notion de prévention. Annales de Vaucresson, 1(24), 31-51.
Wallensteen, P. & Möller, F. (2003). Conflict prevention: methodology for knowing the unknown [Uppsala Peace Research Papers No. 7, Department of Peace and Conflict Research]. Sweden: Uppsala University. Retrieved from: http://www.pcr.uu.se/digitalAssets/61/61533_1prevention___knowing_the_unknown.pdf
Wallensteen, P. (2002). Understanding conflict resolution. London, UK: Sage.
Weiss, T. & Hubert, D. (2001). The responsibility to protect . Ottawa, ON: International Development Research Center. Available at: http://www.idrc.ca/EN/Resources/Publications/openebooks/963-1/index.html
Yu, E. (2004). Information systems (in the Internet age). In Practical Handbook of Internet Computing: Boca Raton, FL: CRC.
Downloads
Publicado
Edição
Seção
Licença
Esta publicação está licenciada sob os termos da licença CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/deed.pt_BR).