Application of the ISO 27002 standard to improve the information security of the company COMPURED SAC

Date
2019
Publisher
Universidad Nacional de Trujillo
Abstract
The general objective of this study is to determine the influence of the ISO 27002 standard on the information security of the company COMPURED SAC so that its information is secure. To that end, data collection instruments were applied to determine the importance of information security in the company. The study involved using an observation guide with the help of the workers involved in the information security of COMPURED SAC, mapping the company's processes to identify deficient information security practices. With that information, a summary sheet was created showing the status of the indicators according to the dimensions of information security: Confidentiality, Integrity and Availability. The data found were recorded in a table showing the state of information security after the implementation of the ISO 27002 standard, to then compare it with its state before the present study was carried out and finally evaluate the project economically.
Description
The general objective of this study is to establish the influence of the ISO 27002 standard on the information security of the COMPURED company so that its information is secure. To that end, data collection instruments were applied to establish the importance of information security in the company and to determine whether the company lacks good practices in terms of information security. The study involved the use of an observation guide, with the help of the workers involved in the information security of the COMPURED company, to establish the reality of the company with regard to information security. The company processes to which we were given access were mapped, the deficient information security practices were identified, and process cards were then generated in which the status of their information security indicators was established. With the information from those cards, a summary sheet was created that showed the status of the indicators according to the dimensions of information security: Confidentiality, Integrity and Availability. The values mentioned above were placed in a table where their status was diagnosed and the level of information security could be established. Subsequently, a prioritization matrix was used to determine which controls would be used to improve the bad practices found in the processes. After the controls were implemented, the processes were diagrammed again to show the implementation, and new cards were generated for the processes and for the dimensions, showing the status of the information security indicators after implementation. The data found were shown in a table presenting the state of information security after the implementation of the ISO 27002 standard, which was then compared with its state before the present study was carried out, and finally the project was evaluated economically.
Keywords
Control, Risk, Monitoring, ISO