A Systematic Review of Risk Management Methodologies for Complex Organizations in Industry 4.0 and 5.0

The large amount of information handled by organizations has increased their dependance on information technologies, which has made information security management a complex task. This is mainly because they cover areas such as physical and environmental security, organization structure, human resources and the technologies used. Information security frameworks can minimize the complexity through the different documents that contain guidelines, standards, and requirements to establish the procedures, policies, and processes for every organization. However, the selection of an appropriate framework is by itself a critical and important task, as the framework must adapt to the characteristics of an organization. In this paper, a general vision of the newest versions of the NIST CSF, ISO/IEC 27001:2022, and MAGERIT frameworks is provided by comparing their characteristics in terms of their approaches to the identification, assessment, and treatment of risks. Furthermore, their key characteristics are analyzed and discussed, which should facilitate the consideration of any of these frameworks for the risk management of complex manufacturing organizations.