The method of analysis of data-processing risks optimized by level ( Marion ) is a method of audit, suggested since 1983 by CLUSIF, aiming at evaluating the data-processing security level of a company. The objective is double:

1. to locate the audited company compared to a level considered to be correct, and the level reached by the similar companies
2. to identify the threats and vulnerabilities to be countered.

Principles

Six topics

The analysis is articulated in 6 broad topics:

1. organisational safety
2. physical safety
3. the continuity of service
4. the data-processing organization
5. logical safety and the exploitation
6. the safety of the

applications

Twenty-seven indicators

The indicators, distributed in these 6 topics, will be evaluated, and developed on a scale of 0 (very unsatisfactory) to 4 (very satisfactory), level 3 being the level considered to be correct. Each indicator is affected of a weight according to its importance.

Seventeen types of threats

1. physical Accidents
2. physical Malveillance
3. Panne of IF
4. Deficiency of personnel
5. Deficiency of person receiving benefits
6. Interruption of operation of the network
7. Error of seizure
8. Error of transmission
9. Error of exploitation
10. Error of design/development
11. Latent defect of a software package
12. Embezzlement
13. Diversion of goods
14. illicit Copy of software
15. Indiscretion/diversion of information
16. immaterial Sabotage
17. logical Attack of the network

Phases

Evolution

Method MARION did not evolve/move any more since 1998. The CLUSIF proposes from now on a harmonized Méthode of analysis of the risks (Méhari) which one can think that it will replace MARION.

Appendices

See too

• CLUSIF

• Safety of information
• Information system security
• Risks in computer security
• Plane of continuity of activity
• harmonized Method of analysis of the risks

Random links:

Rodolphe Ier of the Holy roman Empire | Motz | Owen jack | Is of Goiás | Khaled Ben Yahia