Publicación: Planificación del sistema de gestión de seguridad de la información – Fase I, caso de estudio GasMovil Ltda.
Portada
Citas bibliográficas
Código QR
Autores
Autor corporativo
Recolector de datos
Otros/Desconocido
Director audiovisual
Editor/Compilador
Filiación Institucional
Tipo de Material
Fecha
Cita bibliográfica
Título de serie/ reporte/ volumen/ colección
Es Parte de
Resumen
In the industry, the implementation of management systems promotes an environment that allows maintaining the competitiveness, profitability and corporate image and adds value to the Company in all aspects, since it optimize the operations, fulfilling the corporate objectives. An information security management system (ISMS) is a useful tool which provides an important aid to the management of processes in organizations. In its creation must participate the whole personnel who handles and / or manages information, should be leaded by the management, having in mind everyone involved. The amount of information handled by companies is continuously growing, as well as the risks and threats to which it is exposed, where any vulnerability can bring the information to critical situations, such as: fraud, espionage, sabotage or vandalism, as well as unpredictable events, among others. In order to keep the information confidential , complete and available an information security management system was planned in the company GasMovil Ltda, using the ISO / IEC 27001:2005 standard, to ensure the risks that threaten the information security to be known, treated and minimized in a documented, organized, maintained and efficient way. (Comité Técnico Conjunto ISO/IEC JTC 1, 2005). During the Phase I of the planning developed in this project, the scope, policies, and objectives of ISMS were established, the risk were identified and analyzed, and the controls were selected towards managing the risk and improving the information security and thereby delivering the results in line with the mission and vision of the organization. The research methodology that was used for the development of this project was conducted by the approach of research- action, as a participating process with GasMovil employees and its management, and to carry out the analysis and risk management in the information systems was used the Risk Management and Analysis Methodology MAGERIT.