1 research outputs found
Development of an ISMS for professional associations in the Lambayeque Region. Case Study: College of Engineering
Los colegios profesionales (CP) son instituciones aut贸nomas con personer铆a jur铆dica de derecho p煤blico interno, sin fines de lucro, creadas por ley, agrupan a los profesionales en el 谩mbito de su jurisdicci贸n. La problem谩tica radica en la falta de seguridad de la informaci贸n (SI) en la organizaci贸n, en la actualidad la
informaci贸n es un activo clave para las empresas, sin embargo no se resguarda de manera adecuada para cumplir con los objetivos estrat茅gicos de la organizaci贸n. La informaci贸n es parte principal en los procesos, servicios y tecnolog铆as en el sector p煤blico o privado; sin importar el tama帽o; es vital cumplir
con las caracter铆sticas de la SI: confidencialidad, integridad, disponibilidad (CID), en general se suele actuar de manera reactiva, desarrollar un Sistema de Gesti贸n de Seguridad de la Informaci贸n (SGSI), permitir谩 actuar en forma proactiva ante eventos que afecten la SI. Se analiz贸 enfoques de est谩ndares para gestionar la SI (ISO 27000, COBIT, ITIL, MAGERIT). Como objetivos de esta investigaci贸n culturizar a la alta direcci贸n sobre SI, analizar las brechas, la identificaci贸n de los riesgos, identificar y evaluar los controles, y por ultimo plantear los proyectos de SI; finalmente se hace uso de la norma ISO 27001 en la
aplicaci贸n al caso: Colegio de Ingenieros del Per煤 (CIP), implic贸 gesti贸n de riesgos (GR), identificaci贸n de controles, normas, pol铆ticas y mejoras en los procesos de negocio definidos en el documento de alcance.Abstract : Professional associations (CP) are autonomous institutions with legal personality under public law, nonprofit, created by law; bring together professionals in the field of jurisdiction. The problem lies in the lack of information security (SI) in the organization, now the information is a key asset for companies, though not adequately safeguards to meet the strategic objectives of the organization. Information is principal and central part in processes, services and technologies in the public or private sector; regardless of size; is vital to meet the characteristics of the SI: confidentiality, integrity, availability (CID), the tendency is to act in a reactive way, develop a Management System Information Security (ISMS), allow to act proactively to events that affect the SI. It approaches standards were analyzed to manage the SI (ISO 27000, COBIT, ITIL, MAGERIT). It was proposed as targets for this research culturizar to top management on SI, analyze gaps, identification of risks, identify and assess controls, and finally prepare draft SI finally use is made of ISO 27001 in the application to the case: Departmental Council of Lambayeque Engineers Association of Peru (CIP), involved risk management (GR), identification of controls, standards, policies and improvements in business processes defined in the scoping document