Sistema de Gestión de Seguridad de la Información basado en la norma ISO 27000:2022 mediante el tratamiento de riesgos para la Dirección de Tecnologías de la Información y Comunicación de la Universidad Nacional de Chimborazo para mejorar el esquema de información.

Sistema de Gestión de Seguridad de la Información basado en la norma ISO 27000:2022 mediante el tratamiento de riesgos para la Dirección de Tecnologías de la Información y Comunicación de la Universidad Nacional de Chimborazo para mejorar el esquema de información.

Information security is considered one of the fundamental pillars within the technological development, therefore, the aim of this research was to develop an Information Security Management System (ISMS) based on the ISO 27000:2022 standard for the Dirección de Tecnologías de la Información y Comuni...

Fuld beskrivelse

Saved in:
Bibliografiske detaljer
Hovedforfatter: Pilatuña Flores, Ángeles María (author)
Format: bachelorThesis
Sprog:spa
Udgivet: 2025
Fag:
SGSI
Riesgo
Activo
Tratamiento
Online adgang:http://dspace.unach.edu.ec/handle/51000/15578
Tags: Tilføj Tag
Ingen Tags, Vær først til at tagge denne postø!
Beskrivelse
Summary:Information security is considered one of the fundamental pillars within the technological development, therefore, the aim of this research was to develop an Information Security Management System (ISMS) based on the ISO 27000:2022 standard for the Dirección de Tecnologías de la Información y Comunicación (DTIC) of the Universidad Nacional de Chimborazo (UNACH). The proposal is based on the risk treatment analysis, to improve the information scheme, guaranteeing the integrity of the institution. The risk analysis in the DTIC, presents low, medium and high risks, the latter will be given a treatment process to mitigate their level of risk, that is why an exploratory and experimental methodology was used, facilitating the identification of essential factors of each asset, allowing the manipulation of variables. In order to contribute to information security in the DTIC, a risk treatment plan was developed based on the International Standard ISO 27000:2022, focusing mainly on the relevant controls and improvement actions, seeking to mitigate the risk level of the assets to a more acceptable level. Finally, after a detailed evaluation after the implementation of the plan, first data were obtained, in which, it was verified that the high risks were mitigated. In this way, the information security in the DTIC of the UNACH would be significantly strengthened, thanks to a more robust and effective protection system.

Lignende værker