Cybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controls

Due to the global pandemic that was experienced in 2020, the Small and Medium Enterprises (SMEs) sector in Peru chose to store all their information in cloud services. However, a 2021 Kaspersky study indicates that SMBs have few resources to implement security solutions to protect their information....

Descripción completa

Detalles Bibliográficos
Autores: Angelo Edu, Munoz Luyo, Alexis, Garibay Palomino, Lenis, Wong Portillo
Tipo de recurso: artículo
Fecha de publicación:2023
País:Perú
Institución:Universidad Peruana de Ciencias Aplicadas
Repositorio:UPC-Institucional
Idioma:inglés
OAI Identifier:oai:repositorioacademico.upc.edu.pe:10757/669501
Acceso en línea:https://doi.org/10.23919/CISTI58278.2023.10211874
http://hdl.handle.net/10757/669501
Access Level:acceso embargado
Palabra clave:CFS NIST
controls
cyber-attacks
Cybersecurity
Framework
ISO/IEC 27001
SMEs
https://purl.org/pe-repo/ocde/ford#2.11.00
Descripción
Sumario:Due to the global pandemic that was experienced in 2020, the Small and Medium Enterprises (SMEs) sector in Peru chose to store all their information in cloud services. However, a 2021 Kaspersky study indicates that SMBs have few resources to implement security solutions to protect their information. For this reason, this article proposes a cybersecurity framework composed of controls from ISO/IEC 27001 and the Cybersecurity Framework (CSF) of the National Institute of Standards and Technology (NIST) to mitigate cyber-threats against SMEs in Peru. The framework consists of 7 steps having as reference the Deming cycle (PDCA). For the implementation of the composite framework, we worked with 12 domains and 40 controls for a Peruvian SME in the technology sector. The results showed an increase in cybersecurity of 40 %, after applying the 40 controls, improving its level of maturity from the 'insufficient' state to a 'mature' state, according to the assessment given.