Study of the maturity of information security in public organizations of Ecuador

Abstract:

The present paper makes a study of the maturity of Information Security Management Systems of the Public Sector of Ecuador. Through a theoretical study, 5 factors were determined that make up an effective Information Security Management System: internal organizational control, information security policy, information security culture, and technical activities for the security of information and new technologies. The five factors were evaluated through a scale to determine the level of maturity of the process of information security from the perception of ICT (Information Technology and Communication) managers of public sector entities. Findings of the analysis showed that technical activities for information security was the factor with a higher level of maturity due to the implementation of technological tools by the personnel of ICT area. On the other hand, internal organizational control was the least mature factor, indicating that this area needs more attention. Despite the requirement of the international standards of information security in most public entities, the process is still at a level of maturity between repeatable and defined.

Año de publicación:

2018

Keywords:

• information security
• Information security culture
• Internal control
• Information security policy

Fuente:

scopus