Proposal for an ISMS based on the ISO/IEC 27001:2013 standard in the Directorate of Information Technology of the National University of Loja.

Bibliographic details
Author: Padilla Loaiza, Rubier Andrés (author)
Format: bachelorThesis
Language: spa
Published: 2024
Online access: https://dspace.unl.edu.ec/jspui/handle/123456789/31523
Description
Summary: Information security is essential for educational institutions to address the risks associated with using technology and thus meet their strategic objectives. However, the absence of up-to-date and formal documentation to direct the performance of employees can result in considerable harm. As a result, the goal of this curricular integration work is to create a proposal for an information security management system (ISMS) based on the ISO/IEC 27001:2013 standard. This proposal focuses on developing specific policies for the Directorate of Information Technology (DTI) at the National University of Loja. The development of the ISMS was structured following the PDCA cycle and the MAGERIT v.3 methodology. In the planning phase (P), we gathered relevant information from both the internal and external contexts of the DTI. We defined the scope of the ISMS, established a high-level security policy, and carried out risk assessment and treatment. This culminated in the statement of applicability of security controls. During the implementation phase (D), 27 specific information security policies were developed, designed to mitigate the risks identified in the DTI. In the verification phase (C), the effectiveness of these policies was assessed. The 114 risks classified as "very high" and the 285 risks classified as "high" were completely reassessed. This resulted in a 52.53% increase in medium risks and a 135.09% increase in low risks. As a result, the DTI's maturity level improved from 2 (implemented) to 3 (defined). Finally, in the Act (A) phase, the ISMS was handed over to the DTI. It is concluded that the ISMS policies support the reduction of risks related to information assets, creating a more secure and controlled environment in the DTI.

Keywords: Information Security, PDCA Cycle, MAGERIT v.3, Risk Mitigation