Analysis phase for the implementation of an Information Security Management System (I.S.M.S.) based on ISO 27001. Oriented to the media


Esteban Fernando Castillo Durán
Fernando Illescas Peña
Andrés Sebastián Quevedo Sacoto

Abstract

Introduction: The lack of an information security (IS) management plan in the majority of companies, added to the lack of knowledge of the importance of adequate IS management, represents a problem for organizations. Objective: Through this study, to offer a guide that allows management to significantly improve the company's level of security. Methodology: The controls proposed by the ISO 27001 standard were used, adopting the framework proposed by MAGERIT for the analysis and controls based on MITRE. Results: The initial study provided preliminary values of the company's current situation, from which we can deduce that the level of maturity in IS is deficient; this was detailed in the report addressed to management, along with the suggested recommendations for mitigating the risks. Conclusion: The need was evident for an IS management plan that comprises all the policies necessary to ensure that the company's maturity level conforms to the standards established in ISO 27001.


Article Details

How to Cite
Castillo Durán, E. F., Illescas Peña, F., & Quevedo Sacoto, A. S. (2023). Analysis phase for the implementation of an Information Security Management System (I.S.M.S.) based on ISO 27001. Oriented to the media. ConcienciaDigital, 6(4.1), 6-25. https://doi.org/10.33262/concienciadigital.v6i4.1.2725
Section
Articles
