Regresar

Security Model for the Integration of the Ministry of Telecommunications and the Information Society with a Public Organization of Ecuador

Abstract:

Information security is one of the most important aspects in organizations that has been constantly developing, driven by advances in Information and Communication Technologies. It should be noted that such development also entails the constant identification of new threats that put at risk the Information Security within the organization, so it is important the implementation of a security model that would guarantee the security of computer assets in the process of integration of the Ministry of Telecommunications and the information society with a Public organization of Ecuador with the objective of ensuring the basic principles of Information Security: Integrity, availability and confidentiality. Therefore, using the ISO / IEC 27001 standard, the guidelines of the safety model were defined. It should be noted that for the implementation of the ISO / IEC 27001 standard, it was based on the Deming Cycle which based the analysis stages that were implemented in the security model. The result was a security model that allowed an early identification of risk and the establishment of corrective measures to mitigate it, based on the criticality analysis of the assets generated in the integration of organizations, the impact measurement generated from the involvement of an asset due to the materialization of a risk, among others. In addition, the defined security model was based on the implementation of the Deming cycle, resulting in a dynamic model for risk management.