Ingeniería en Sistemas, Electrónica e Industrial

Permanent URI for this communityhttp://repositorio.uta.edu.ec/handle/123456789/1

Browse

Subject: search.filters.subject.ISO 27001

Search Results

Now showing 1 - 2 of 2
  • No Thumbnail Available
    Item
    Auditoría informática aplicando la Norma ISO 27001 para optimizar la seguridad de la información en el Departamento de Tic’s del Centro de Investigación y Desarrollo FAE.
    (Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Ingeniería en Sistemas Computacionales e Informáticos, 2022-06) Chagmana Pomaquero, Remigio Leonel; Mayorga Mayorga, Franklin Oswaldo
    At present, information is one of the most important assets within any organization, its security and administration require a complete analysis to identify any risk to which it is exposed so that in this way the integrity, confidentiality and availability of the information is guaranteed. information optimally. The purpose of the research project is to minimize risks and provide security to the information that is handled daily in the ICT Department of the FAE Research and Development Center, through the application of information security policies that are based on the standard ISO27001. First, an analysis of the current state of security in the ICT Department was carried out through the application of interviews and surveys, which were applied to the Chief and the employees of the aforementioned department. The methodology used was based on the Deming cycle, which is made up of 4 phases (Plan, Implement, Verify and Act), in which each phase constitutes act ivities that allow planning, determining its scope, making an inventory of information assets and the valuation of assets with the aim of determining and analyzing the risks, threats and vulnerabilities that intervene in the management of information security. Afterwards, an Information Security Plan was prepared in which the Scope, Characterization, Risk Analysis and the Creation of new Information Security Policies will be defined for approval and application in the ICT Department on FAE Research and Development Center, with this it is expected that the Head and employees of the Department comply with the policies established to guarantee adequate control in the areas where there are shortcomings in terms of information security, maintain constant monitoring in the corresponding areas.
  • No Thumbnail Available
    Item
    Auditoría de seguridad de la información aplicando la Norma ISO/IEC 27001 en el Gobierno Autónomo Descentralizado San Pedro de Pelileo
    (Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Ingeniería en Sistemas Computacionales e Informáticos, 2021-09) Aillón Carrasco, Mayra Elizabeth; Chicaiza Castillo, Dennis Vinicio
    The purpose of the research project is to mitigate risks and protect the information that is handled daily in The Gobierno Autónomo Descentralizado Municipal San Pedro de Pelileo, through the application of policies that are based on the ISO 27001 standard in the field of security in terms of access control, asset anagement, physical security, personnel restrictions, among others. An analysis of the current state of the institution was obtained through the application of techniques such as interviews, a survey that was applied to the chief, technicians of the Technological Management Unit and officials of the municipality, in addition to constant visits, the existence of Failures such as the physical environment in which the server room is located does not have the corresponding adaptations and they are exposed to a large number of risks since the physical facilities are not adequate, the incorrect use of passwords by municipal officials, etc. According to the data provided by the analysis, policies were created that are based on the ISO 27001 standard for their application approval in the Technological Management unit of the San Pedro de Pelileo Municipal Government. to the policies established so that there is strict control in the areas where there are shortcomings in terms of security, always seeking continuous improvement with the application of constant monitoring of all existing areas.