Diseño de un plan estratégico de seguridad de la información, mediante la aplicación de análisis de riesgos con la norma ISO/IEC 27005. Caso de estudioINAMHI

The research was carried out to the Ecuadorian State institutions, finding the need for a nade quate management of the information allowing the evaluation of the infrastructure, the information systems and the organizational measures from the technological perspective. In this study, we used the ind...

Descripción completa

Detalles Bibliográficos
Autor: Gonzales, Diego
Tipo de recurso: artículo
Estado:Versión publicada
Fecha de publicación:2018
País:Ecuador
Institución:Universidad Internacional del Ecuador
Repositorio:Repositorio Universidad Internacional del Ecuador
OAI Identifier:oai:repositorio.uide.edu.ec:37000/3317
Acceso en línea:https://doi.org/10.33890/innova.v3.n2.1.2018.672
https://repositorio.uide.edu.ec/handle/37000/3317
Access Level:acceso abierto
Palabra clave:gestión de riesgos; ISO 27005; seguridad de la Información; OCTAVE-S
risk management; ISO 27005; information security; OCTAVE-S
Descripción
Sumario:The research was carried out to the Ecuadorian State institutions, finding the need for a nade quate management of the information allowing the evaluation of the infrastructure, the information systems and the organizational measures from the technological perspective. In this study, we used the inductive-deductive method that with an experimental approach allowed the solution to the problem of the disorderly handling of information.In the study an audit was conducted by the governing body to the EGSI and allowed to establish a starting point, then with the risk analysis and ISO/IEC27005:2012-OCTAVE-S obtain the controls, policies and procedures of security of information, which will be implemented by the information security committee of the institution studied, allowing better risk management.