Browsing by Author "Orellana Román Ángel Eduardo"
- Sistema de gestión de seguridad de la información orientado a empresas de servicios auxiliares de entidades financieras (Instituto Superior Tecnológico Particular Sudamericano, 2025). Orellana Román Ángel Eduardo.
  The growing use of digital technologies generates a large amount of information, increasing its importance and making it vital to decision-making and organizational development. This growth also exposes organizations to greater security risks by increasing the number of communication channels that need to be protected, reinforcing the need to implement systems that protect this information (Himeur et al., 2022, as cited in Nikiforova, 2022). BESTTECH SAS is a software development company that acts as an auxiliary service provider for financial institutions, so it has a great responsibility to keep secure the information that its clients share with it for the development of their activities. However, it does not have an Information Security Management System (ISMS) in place to guarantee the confidentiality, integrity, and availability of information assets, which creates risks both internally and for its clients. The purpose of this work is to design and implement an ISMS based on the ISO/IEC 27001:2022 standard and to produce the controls, policies, procedures, and manuals that will mitigate internal operational risk, providing the security required by its clients and by the regulatory entities of the cooperative financial sector. The implementation was carried out by adopting the international standard ISO/IEC 27003. The research required defining the Statement of Applicability (SoA), which was done based on the results of the gap analysis at the beginning of the project. That analysis made it possible to determine the information assets, processes, and activities involved, and in turn to identify vulnerabilities, calculate risk, define the criticality represented by each risk, and select the controls necessary for its mitigation.
It became clear that the implementation of the ISMS was imperative due to the lack of controls, even in basic processes, where security measures were not considered, generating critical levels of insecurity for information assets.