Ingeniería en Sistemas, Electrónica e Industrial
Permanent URI for this communityhttp://repositorio.uta.edu.ec/handle/123456789/1
Browse
1 results
Search Results
Item Sistema de gestión de seguridad de la información (SGSI) basado en la Norma ISO 27001 para el control de la seguridad informática de la empresa Epc-Compu de la ciudad de Ambato(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Tecnologías de la Información, 2023-09) Sailema Fiallos, Soraya Cristina; Balarezo, Julio EnriqueActually, data has become a valuable resource for organizations and its control demands a thorough analysis in order to protect them from possible risks to which they are exposed. In this manner, it seeks to ensure the integrity, confidentiality and accessibility of information. The present research proyect aims to implement an information security management system (ISMS) based on the ISO 27001 standard for the control of computer security of the company EPCCOMPU in Ambato city. First, a study of ISO 27001 was carried out to create a manual based on the ISO 27001:2013 standard, which contains the necessary points that must be followed to correctly implement an Information Security Management System, then an analysis of the current state of computer security through the collection of information from interviews and an observation sheet that allowed obtaining a starting point for the design of the ISMS, an analysis of the critical processes of the company EPC-COMPU to perform risk assessment in order to identify and analyze the vulnerabilities and threats involved in the management of information security for this analysis, the necessary controls of the ISO 27001 standard were selected, then risk management was carried out identifying prevention, detection and correction by consequence detailed in the contingency plan. Finally, monitoring and control processes were developed to define the activities with their respective managers