Maestría en Tecnologías de la Información
Permanent URI for this collection: http://repositorio.uta.edu.ec/handle/123456789/36842
Item: Evaluation of IT Risks and Design of a Contingency Plan for the Technology Area of the Company Importadora Alvarado Vásconez Cía. Ltda., Located in the City of Ambato
(Universidad Técnica de Ambato, Magíster en Tecnologías de la Información, 2022-11-22) Aranda Moposita, Juan Pablo; Gómez Alvarado, Héctor Fernando
Companies' information and assets grow every day, and they need to safeguard the integrity of that information against potential risks. If these risks are not detected and controlled in time, they can cause great damage and economic losses; mitigating them requires a methodology for risk analysis and management. For this reason, we saw the need to implement the MAGERIT version 3.0 methodology, which helps us effectively manage the risks to which the most critical assets of the technology area of the company Importadora Alvarado Vásconez Cía. are exposed. The methodology, based on the ISO 31000 standard, will allow us to prevent and detect incidents that may occur, obtain information about the vulnerabilities to which the assets are exposed, determine the impact they can generate and the threats if they materialize in the information systems, and establish processes to identify and reduce the risks that threaten the stability of the company, its IT infrastructure and, most importantly, its information. After the risk analysis, a contingency plan based on ISO/IEC 27001:2013 will be developed. It will consist of 4 stages and will help us ensure that the company's critical processes continue to function in the event of a failure in the technological systems, allowing the company to keep operating even at the minimum level of its activities.
The results obtained will help to identify the risk level of the company's most critical assets, the current security maturity level, the threats or vulnerabilities to which they are exposed, their risk levels including impact and probability of occurrence, and the respective contingency plan for the company's most critical processes.

Item: Risk Management Procedure for the IT Area of EPM-GIDSA Through the Application of International Standards
(Universidad Técnica de Ambato. Dirección de Posgrado. Maestría en Tecnologías de la Información, 2022-10-20) Guevara Toalombo, Jessica Maricela; Gómez Alvarado, Héctor Fernando
The technological era has allowed companies to automate repetitive processes and streamline the services provided to their users. At the same time, Information and Communication Technologies are becoming easy targets for multiple threats, allowing the materialization of risks and/or the partial or total loss of assets that are very important to any company (Castro-Maldonado & Villar-Vega, 2021). The purpose of this work is therefore to develop a risk management procedure for the IT area of the Municipal Public Company for the Integral Management of Solid Waste of the Ambato canton, applying international standards. To that end, the current theoretical basis of risk management in that IT area will be reviewed; the adequate risk management methodology will be identified once the good practices of international standards have been analyzed; and finally the risk management procedure for that IT area will be elaborated.
Through field observation of risk management in the IT area of the Municipal Public Company for the Integral Management of Solid Waste of the Ambato canton, and after the application of the international standard ISO 31000 and the MAGERIT methodology, a decrease was evidenced in the risk value of Intentional Attacks from 285 to 255, of Failures and unintentional errors from 452.70 to 351.30, and of risks of Industrial Origin from 203.55 to 146.55. This confirms the research hypothesis that the application of the international standard ISO 31000 and the MAGERIT V3 methodology reduced the total risk values from 960.75 to 772.35. Also, considering that the main asset in any company is the human one, because of its direct activity with the information, this research emphasized the application of controls to risks of the Failures and unintentional errors type, which result from direct actions on the company's information.