Information Security Management System (ISMS) based on the ISO 27001:2013 standard for the 'Cotacachi' Medical Center

Bibliographic Details
Author: Vaca Báez, Julio Fabián (author)
Material Type: bachelorThesis
Publication Information: 2023
Online Access: https://repositorio.puce.edu.ec/handle/123456789/43002
Other Information
Summary: This thesis addresses the implementation of an Information Security Management System (ISMS) at 'Cotacachi' Medical Center, with the aim of safeguarding the confidentiality, integrity, and availability of sensitive and critical information related to patients and medical operations. The ISO 27001:2013 standard is adopted as a framework to guide the planning, establishment, implementation, operation, monitoring, review, maintenance, and improvement of the ISMS. The thesis is structured into several key stages. Firstly, a comprehensive review of the ISO 27001:2013 standard is conducted, identifying its requirements and guidelines for establishing an effective ISMS. Subsequently, a detailed analysis of the current state of 'Cotacachi' Medical Center's information security is performed, identifying vulnerabilities, threats, and potential risks. Based on this analysis, a detailed ISMS implementation plan is designed. This plan includes defining security policies, identifying roles and responsibilities, conducting risk assessments, and defining appropriate control measures to mitigate identified risks. Additionally, an information security awareness and training program is established for the medical center's personnel. During the implementation phase, necessary security controls are integrated, operational procedures are established, and an internal audit is conducted to ensure that the ISMS complies with the ISO 27001:2013 requirements. Finally, a thorough review of the implementation process is carried out, lessons learned are identified, and recommendations for the continuous improvement of the ISMS at 'Cotacachi' Medical Center are proposed.