Diagnóstico y estructura de las buenas prácticas en la gestión de la seguridad de la información basados en la norma ISO /IEC 27001 para la Empresa Avcamnet S.A en Babahoyo.

Diagnóstico y estructura de las buenas prácticas en la gestión de la seguridad de la información basados en la norma ISO /IEC 27001 para la Empresa Avcamnet S.A en Babahoyo.

The present research work named "Diagnosis and structure of good practices in information security management based on the ISO / IEC 27001 standard for the company Avcamnet S.A in Babahoyo". The main objective of this research is to evaluate the application of good information security pra...

Fuld beskrivelse

Saved in:
Bibliografiske detaljer
Hovedforfatter: Paz Caicedo, Michelle María (author)
Format: bachelorThesis
Udgivet: 2023
Fag:
Diagnostico
Norma ISO
Control interno
Gestión
Evaluación
Cumplimiento
Online adgang:http://dspace.utb.edu.ec/handle/49000/13999
Tags: Tilføj Tag
Ingen Tags, Vær først til at tagge denne postø!
Beskrivelse
Summary:The present research work named "Diagnosis and structure of good practices in information security management based on the ISO / IEC 27001 standard for the company Avcamnet S.A in Babahoyo". The main objective of this research is to evaluate the application of good information security practices based on the ISO / IEC 27001 standard in AVCAMNET S.A. Methods such as documentary or bibliographical research were used, with a qualitative approach that allows the author to adequately understand the company's computer system, so that they agree to collect and analyze relevant information, including the review of specialized literature and the study of practical cases. Through the execution of the interview, the current situation of the control domains was determined, the compliance evaluation and the percentage of each control with respect to the total number of controls necessary in the domain was estimated. It can be noted that it only complies with 21.4% of the procedures and policies related to the security of the information it possesses. This indicates that it does not meet 78.6% of the control requirements. The company does not have a formal internal control for information management, but efforts are underway to implement it. It was concluded that the security control of the APS system information is carried out through questionnaires and the information is secured through the assignment of profiles and access control.

Lignende værker