A Systematic Review of Risk Management Methodologies for Complex Organizations in Industry 4.0 and 5.0

Juan Vicente Barraza De La Paz,Víctor Morales-Rocha,Luis Alberto Rodríguez-Picón,Soledad Vianey Torres-Argüelles

doi:10.3390/systems11050218

Juan Vicente Barraza De La Paz, Víctor Morales-Rocha + Show 2 more

Open Access

https://doi.org/10.3390/systems11050218

Copy DOI

Journal: Systems	Publication Date: Apr 25, 2023
Citations: 8	License type: CC BY 4.0

Affiliation: Universidad Autónoma de Ciudad Juárez

Abstract

The large amount of information handled by organizations has increased their dependance on information technologies, which has made information security management a complex task. This is mainly because they cover areas such as physical and environmental security, organization structure, human resources and the technologies used. Information security frameworks can minimize the complexity through the different documents that contain guidelines, standards, and requirements to establish the procedures, policies, and processes for every organization. However, the selection of an appropriate framework is by itself a critical and important task, as the framework must adapt to the characteristics of an organization. In this paper, a general vision of the newest versions of the NIST CSF, ISO/IEC 27001:2022, and MAGERIT frameworks is provided by comparing their characteristics in terms of their approaches to the identification, assessment, and treatment of risks. Furthermore, their key characteristics are analyzed and discussed, which should facilitate the consideration of any of these frameworks for the risk management of complex manufacturing organizations.

Full Text