Diseño de un plan estratégico de seguridad de la información, mediante la aplicación de análisis de riesgos con la norma ISO/IEC 27005. Caso de estudioINAMHI
The research was carried out to the Ecuadorian State institutions, finding the need for a nade quate management of the information allowing the evaluation of the infrastructure, the information systems and the organizational measures from the technological perspective. In this study, we used the ind...
Saved in:
| Main Author: | |
|---|---|
| Format: | article |
| Published: |
2018
|
| Subjects: | |
| Online Access: | https://doi.org/10.33890/innova.v3.n2.1.2018.672 https://repositorio.uide.edu.ec/handle/37000/3317 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Add Tag | Summary: | The research was carried out to the Ecuadorian State institutions, finding the need for a nade quate management of the information allowing the evaluation of the infrastructure, the information systems and the organizational measures from the technological perspective. In this study, we used the inductive-deductive method that with an experimental approach allowed the solution to the problem of the disorderly handling of information.In the study an audit was conducted by the governing body to the EGSI and allowed to establish a starting point, then with the risk analysis and ISO/IEC27005:2012-OCTAVE-S obtain the controls, policies and procedures of security of information, which will be implemented by the information security committee of the institution studied, allowing better risk management. |
|---|