Sistema de gestión de seguridad de la información para mejorar la gestión del riesgo informático de clínica San Pedro Chimbote
No Thumbnail Available
Date
2023
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Universidad Nacional de Trujillo
Abstract
Las empresas de hoy en día necesitan recopilar y categorizar información para usarla de manera más eficiente y segura, pero a media que crece su volumen, queda expuesta a riesgos que pueden traducirse en perjuicio cuando no se controlan de forma adecuada y oportunamente, en ese sentido, esta tesis ha propuesto implementar un Sistema de Gestión de la Seguridad de la Información (SGSI) para minorar los riesgos, garantizar la seguridad a la información y mejorar la gestión de riesgos informáticos de la clínica San Pedro Chimbote. Durante la investigación se describió los conceptos relacionados al SGSI y su aplicación para mejorar la administración del riesgo informático en la clínica en mención, siendo necesario sostenerse en la ISO/IEC 27001, norma que ofrece las buenas prácticas para implementar un SGSI. El tipo de investigación es aplicada con diseño preexperimental, considera una medición anticipada de preprueba, luego una posprueba con una medición nueva de la variable dependiente. Por último, según resultados obtenidos de esta investigación, se concluye que, implementar un SGSI mejora significativamente la gestión del riesgo en la clínica San Pedro Chimbote, facilitando su aplicación en cualquier otra clínica.
Today's companies need to collect and categorize information in order to use it more efficiently and securely, but as their volume grows, they are exposed to risks that can result in harm when they are not controlled adequately and in a timely manner, in that sense. , this thesis has proposed to implement an Information Security Management System (ISMS) to reduce the risks, and guarantee the security of the information and improve the management of computer risks of the San Pedro Chimbote clinic. During the investigation, the concepts related to the ISMS and its application to improve the management of computer risk in the clinic in question were described, being necessary to support ISO / IEC 27001, a standard that offers good practices to implement an ISMS. The type of research is applied with a pre-experimental design, it considers an anticipated pre-test measurement, then a post-test with a new measurement of the dependent variable. Finally, according to the results obtained from this research, it is concluded that implementing an ISMS significantly improves risk management in the San Pedro Chimbote clinic, facilitating its application in any clinic.
Today's companies need to collect and categorize information in order to use it more efficiently and securely, but as their volume grows, they are exposed to risks that can result in harm when they are not controlled adequately and in a timely manner, in that sense. , this thesis has proposed to implement an Information Security Management System (ISMS) to reduce the risks, and guarantee the security of the information and improve the management of computer risks of the San Pedro Chimbote clinic. During the investigation, the concepts related to the ISMS and its application to improve the management of computer risk in the clinic in question were described, being necessary to support ISO / IEC 27001, a standard that offers good practices to implement an ISMS. The type of research is applied with a pre-experimental design, it considers an anticipated pre-test measurement, then a post-test with a new measurement of the dependent variable. Finally, according to the results obtained from this research, it is concluded that implementing an ISMS significantly improves risk management in the San Pedro Chimbote clinic, facilitating its application in any clinic.
Description
Keywords
Sistema de gestión de seguridad de la información, ISO/IEC 27001, Activos de información, Gestión del riesgo, Disponibilidad, Confidencialidad, Integridad