Publicación: Análisis de riesgos al Sistema de información Transaccional (TSP) en su elemento software para la empresa de servicios públicos del municipio de Arauca EMSERPA E.I.C.E. E.S.P. bajo el estándar ISO 27001:2013 y la metodología MAGERIT
Portada
Citas bibliográficas
Código QR
Autor corporativo
Recolector de datos
Otros/Desconocido
Director audiovisual
Editor/Compilador
Filiación Institucional
Tipo de Material
Fecha
Cita bibliográfica
Título de serie/ reporte/ volumen/ colección
Es Parte de
Resumen
This paper addresses the subject of the audit process based on the MAGERIT 3.0 methodology whose focus is the risk management process. MAGERIT implements the Risk Management Process within a framework so that those charged with the governance of the organization make decisions based on the risks derived from the use of information technologies. This process is carried out in order to know the current status of the EMSERPA EICE ESP company. For this, security dimensions are also taken into account: availability, integrity, confidentiality, authenticity and traceability, since compliance with these shows the current provisions of the company in the face of the different risks to which it is exposed. MAGERIT also defines a series of assets, as well as their corresponding threats according to the level of compliance in which the company is on each one of the assets and also the ISO 27002: 2013 standard is taken into account, which can be used for processes both internal and external auditing and is generic since an organization can be applied regardless of its type, size or nature. It also defines 14 domains, 35 control objectives and 114 controls that encompass different factors related to the security of the assets, which is why they also allow determining the scope of the analysis that is intended to be carried out together with the elements under analysis. To know the current state of the company, a checklist format is applied according to the domains, control objectives chosen together with the defined scope, in addition to a gap matrix which allows, through heat maps, to determine the strong and weak points in each of the chosen controls.