Seguridad de la información de infraestructura tecnológica y sistemas informáticos del GADM del cantón Chone basado en la norma ISO/IEC 27001

The purpose of the titling work was to prepare a Management Plan for Information Security in the Technological Infrastructure and Computer Systems of the Municipal Decentralized Autonomous Government of Chone Canton, based on the ISO / IEC 27001 Standard to reduce risks in the institutional informat...

Descripción completa

Detalles Bibliográficos
Autor: Moreira Álvarez, Jinnson Manuel
Tipo de recurso: tesis de maestría
Estado:Versión publicada
Fecha de publicación:2019
País:Ecuador
Institución:Escuela Superior Politécnica Agropecuaria de Manabí
Repositorio:Repositorio Escuela Superior Politécnica Agropecuaria de Manabí
Idioma:español
OAI Identifier:oai:repositorio.espam.edu.ec:42000/1077
Acceso en línea:http://repositorio.espam.edu.ec/handle/42000/1077
Access Level:acceso abierto
Palabra clave:Seguridad de la Información
Gestión de la información
AMFE
Riesgos en seguridad de la información
Descripción
Sumario:The purpose of the titling work was to prepare a Management Plan for Information Security in the Technological Infrastructure and Computer Systems of the Municipal Decentralized Autonomous Government of Chone Canton, based on the ISO / IEC 27001 Standard to reduce risks in the institutional information systems. The methodology applied was the achievement of objectives, where the first objective focused on determining the current situation of the processes, resources, information and infrastructure of the IT department through a checklist with structured questions based on the components of the standard applied, the second objective was the evaluation of the risks based on the vulnerabilities found with the previous objective, to then use the methodology Modal Analysis of Faults and Effects (AMFE), where the level of risks in each component was identified and evaluated, what allowed to obtain the mitigation actions in aspects of integrity, availability and reliability of the information. The third objective was obtained in accordance with the information of the two previous objectives, to which a general analysis was made, resulting in an information security management plan that proposes solution measures to the technological department under study. This proposal allows to improve the IT security aspects by means of the necessary corrections to safeguard the integrity of its data.