Formulation of a proposal for an information security management system model for private-sector banking industry companies
Saved in:

| Main author: | |
|---|---|
| Format: | masterThesis |
| Language: | spa |
| Published: | 2017 |
| Subjects: | |
| Online access: | http://dspace.udla.edu.ec/handle/33000/8191 |
Abstract:

Nowadays, the banking industry in Ecuador has directed its efforts towards providing practical and accessible information systems to its clients, adapting itself to the technological advances of the time. However, there has been a proportional increase in threats and computer attacks that endanger not only the information systems but also the stability of the entity as a whole; therefore, the concept of the value of information as the most important asset has become the fundamental objective of banking entities, hence the importance of establishing a methodological scheme and documented processes for its proper management. An ISO 27001 Information Security Management System (ISMS) is based on the preservation of information confidentiality, integrity and availability by means of a risk management process that ensures risks are known, assumed, managed and minimized by the organization. The following project proposes a model of an information security management system (ISMS) for private-sector banking entities in Ecuador based on the best practices and principles of ISO standards and on frameworks such as COBIT for IT governance and COSO for internal control. An analysis has been carried out taking into account current issues with information handling and the legal and regulatory requirements that are mandatory for banking industry entities in Ecuador and therefore regulated by the financial authority; the controls proposed for implementation are those defined in ISO 27001 and are selected on the basis of those requirements. Once all requirements have been determined, a scheme or methodology for the ISMS is explained and proposed for the "Planning" phase, which includes elements such as policies, risk analysis, asset classification and a risk treatment plan, using the PDCA (Plan, Do, Check, Act) model of improvement known as the "Deming Cycle", translated into Spanish as Planificar, Hacer, Verificar y Actuar (PHVA), which establishes the cyclical process of continuous improvement on which the cited proposal is based. Finally, there are suggestions on models and measurement structures intended to evaluate information security performance and ISMS effectiveness.