Desarrollo de una auditoría informática de las tecnologías de información basada en la norma internacional ISO/IEC 38500:2008, en el departamento de sistemas del Gobierno Autónomo Descentralizado Municipal del cantón Huaquillas
This titling project was developed in the department of systems "Autonomous Government Decentralized Canton Huaquillas", an institution dedicated to the harmonious and sustained development of the city, both in the social, cultural and economic aspects, with clear objectives service commun...
Gardado en:
| Autor Principal: | |
|---|---|
| Formato: | bachelorThesis |
| Idioma: | spa |
| Publicado: |
2015
|
| Subjects: | |
| Acceso en liña: | http://repositorio.utmachala.edu.ec/handle/48000/5999 |
| Tags: |
Engadir etiqueta
Sen Etiquetas, Sexa o primeiro en etiquetar este rexistro!
|
Engadir etiqueta | Summary: | This titling project was developed in the department of systems "Autonomous Government Decentralized Canton Huaquillas", an institution dedicated to the harmonious and sustained development of the city, both in the social, cultural and economic aspects, with clear objectives service community. In the institution lacked policies and computer security standards, that caused problems for the protection of computer equipment, exposing them to a number of vulnerabilities, threats and risks, which is why we worked on the "Development of a computer audit Information technology based on the international standard ISO / IEC 38500: 2008 ", which is directed primarily to senior management of organizations to provide guidelines and enforce ethical legal obligations, regulatory and regarding the use of iT in organizations, which refers to compliance and responsibilities of IT services resulting in the evaluation and analysis of assets and implicit liabilities in each process, achieving identify shortcomings in terms of IT security. To mitigate these shortcomings was proposed and leave the institution a manual of policies and security standards; 2008 whose main objective is to provide a framework of principles aimed at the management of organizations, establishing models for IT model, based on assess, manage and monitor the use of technologies: for that ISO / IEC 38500 standard was used of the information. For the development of risk analysis we used qualitative techniques, which formulated a bank of questions and comments written in interviews, questionnaires aimed interpret information easily. Therefore the development of this computer audit was improved the quality and efficiency of the processes of that institution, for the purpose of analyzing and assessing risks, establishing policies and safety standards to ensure the confidentiality, availability and integrity of the information. |
|---|