Diseño de un plan estratégico de seguridad de la información, mediante la aplicación de análisis de riesgos con la norma ISO/IEC 27005. Caso de estudioINAMHI
The research was carried out to the Ecuadorian State institutions, finding the need for a nade quate management of the information allowing the evaluation of the infrastructure, the information systems and the organizational measures from the technological perspective. In this study, we used the ind...
| Autor: | |
|---|---|
| Tipo de recurso: | artículo |
| Estado: | Versión publicada |
| Fecha de publicación: | 2018 |
| País: | Ecuador |
| Institución: | Universidad Internacional del Ecuador |
| Repositorio: | Repositorio Universidad Internacional del Ecuador |
| OAI Identifier: | oai:repositorio.uide.edu.ec:37000/3317 |
| Acceso en línea: | https://doi.org/10.33890/innova.v3.n2.1.2018.672 https://repositorio.uide.edu.ec/handle/37000/3317 |
| Access Level: | acceso abierto |
| Palabra clave: | gestión de riesgos; ISO 27005; seguridad de la Información; OCTAVE-S risk management; ISO 27005; information security; OCTAVE-S |
| Sumario: | The research was carried out to the Ecuadorian State institutions, finding the need for a nade quate management of the information allowing the evaluation of the infrastructure, the information systems and the organizational measures from the technological perspective. In this study, we used the inductive-deductive method that with an experimental approach allowed the solution to the problem of the disorderly handling of information.In the study an audit was conducted by the governing body to the EGSI and allowed to establish a starting point, then with the risk analysis and ISO/IEC27005:2012-OCTAVE-S obtain the controls, policies and procedures of security of information, which will be implemented by the information security committee of the institution studied, allowing better risk management. |
|---|