Análisis de ciberseguridad en la ESPAM MFL, utilizando las metodologías AMFE y marisma

The present work was to develop a Cybersecurity Analysis at ESPAM MFL, to assess the risks found in the area of information security through the use of AMFE and MARISMA methodologies. To comply with the execution, it was necessary to use the methods: bibliographic, investigative-exploratory and anal...

Descripción completa

Detalles Bibliográficos
Autores: Cedeño Santana, Karina Lisbeth, Loor Valencia, Gina Elizabeth
Tipo de recurso: tesis de maestría
Estado:Versión publicada
Fecha de publicación:2020
País:Ecuador
Institución:Escuela Superior Politécnica Agropecuaria de Manabí
Repositorio:Repositorio Escuela Superior Politécnica Agropecuaria de Manabí
Idioma:español
OAI Identifier:oai:repositorio.espam.edu.ec:42000/1338
Acceso en línea:http://repositorio.espam.edu.ec/handle/42000/1338
Access Level:acceso abierto
Palabra clave:Ciberseguridad
ESPAM MFL
Gestión de riesgos
AMFE
MARISMA
Descripción
Sumario:The present work was to develop a Cybersecurity Analysis at ESPAM MFL, to assess the risks found in the area of information security through the use of AMFE and MARISMA methodologies. To comply with the execution, it was necessary to use the methods: bibliographic, investigative-exploratory and analytical. Through the bibliographic method, the foundation of both methodologies and applicability were defined; with the investigative-exploratory method, an overview was obtained, which allowed studying the risks, later to apply them in the analytical one, through the implementation of the eMarisma tool, from which the information, application and network security patterns were identified, in addition of the controls used in both methodologies, and therefore the cybersecurity risk management plan, allowing parameterization of mitigation criteria based on the results obtained from dynamic maintenance based on the vulnerabilities found in AMFE, in which important aspects were linked of ISO 27032, 25001 and other regulations that guaranteed the support of risk mitigation processes. The aforementioned procedure established that in these patterns the Marisma methodology is efficient by recalculating asset data for threats, risk analysis and the treatment plan to carry out adequate control management, vulnerability risk analysis and threats raised in information systems, while AMFE provides a static assessment of these risks in cybersecurity.