Ingeniería en Sistemas, Electrónica e Industrial

Permanent URI for this communityhttp://repositorio.uta.edu.ec/handle/123456789/1

Browse

Filters

20221

Settings

Author: search.filters.author.Cordero Núñez, Mayra GabrielaSubject: search.filters.subject.MAGERIT

Search Results

Now showing 1 - 1 of 1
  • No Thumbnail Available
    Item
    Políticas de seguridad de la información basadas en normas internacionales para garantizar controles ante amenazas y vulnerabilidades en el departamento de tecnología de la cooperativa de ahorro y crédito San Francisco LTDA
    (Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Ingeniería en Sistemas Computacionales e Informáticos, 2022-03) Cordero Núñez, Mayra Gabriela; Ibarra Torres, Oscar Fernando
    This research works focuses on conducting a study of information security policies based on international standards to ensure controls against threats and vulnerabilities in the Department of Technology of the Cooperativa de Ahorro y Crédito San Francisco Ltda., for which A qualitative-quantitative methodology was applied for this, a survey was designed to obtain information from the staff of the Technology Department of the Cooperative and an interview was also applied to the security officer of the Cooperative to determine the level of information security implemented within the organization. From the results obtained from the survey and the interview, it was possible to determine that the implementation of a security policy based on international standards would benefit the Technology Department of the Cooperativa de Ahorro y Crédito San Francisco Ltda. Subsequently, a comparative table was made with the advantages and disadvantages of international standards regarding information security, from which it was possible to determine that the ISO 27002 standard is the most suitable for information and asset security policies of an organization. Finally, the proposal was made based on the Magerit methodology, which consists of three fundamental processes: planning, risk analysis and risk management. For risk management, 5 domains and 14 main controls of the ISO 27002 standard were used, with which an information security policy was developed for the financial institution.