Maestría en Tecnologías de la Información

Permanent URI for this collectionhttp://repositorio.uta.edu.ec/handle/123456789/36842

Browse

Filter results by typing the first few letters
Now showing 1 - 1 of 1
  • No Thumbnail Available
    Item
    Procedimiento de gestión de riesgos del área informática de la EPM-GIDSA mediante la aplicación de normas internacionales
    (Universidad Técnica de Ambato. Dirección de Posgrado. Maestría en Tecnologías de la Información., 2022-10-20) Guevara Toalombo, Jessica Maricela; Gómez Alvarado, Héctor Fernando
    The technological era has allowed companies to automate repetitive processes and streamline the services provided to its users, at the same time the Information and Communication Technologies are becoming easy targets against multiple threats, allowing the materialization of risks and/or partial or total loss of very important assets for any company (Castro-Maldonado & Villar-Vega, 2021). Therefore, the purpose of this work is to develop a risk management procedure for the IT area of the Municipal Public Company for the Integral Management of Solid Waste of the Ambato canton, applying international standards, for which the current theoretical basis of risk management of the IT area of the Municipal Public Company for the Integral Management of Solid Waste of the Ambato canton will be reviewed, the adequate risk management methodology will be identified, once the good practices of international standards have been analyzed, and finally the procedure for risk management of the IT area of the Municipal Public Company for the Integral Management of Solid Waste of the Ambato canton will be elaborated. Through the field observation of the risk management of the IT area of the Municipal Public Company for the Integral Management of Solid Waste of the Ambato canton and after the application of the international standard ISO 31000 and MAGERIT methodology, a decrease in the value of the risk of Intentional Attacks from 285 to 255, the Failures and unintentional errors from 452.70 to 351.30 and the risks of Industrial Origin from 203.55 to 146.55 was evidenced. Thus confirming the research hypothesis that the application of the international standard ISO 31000 and the MAGERIT V3 methodology reduced the total risk values from 960.75 to 772.35; also considering that the main asset in any company is the Human due to the direct activity with the information, this research emphasized the application of controls towards the risks of type Failures and unintentional errors resulting from the direct actions towards the company's information.