As part of the information security management system, it is necessary for the company to carry out adequate risk management that allows it to know what the main vulnerabilities of its information assets are and what threats it presents. To the extent that the company is clear about this risk identification, it will be able to establish viable preventive and corrective measures that guarantee higher levels of security in its information. It is allowed to carry out an analysis of risks and threats of the technological infrastructure of the Universidad Cooperativa de Colombia Arauca Campus, using the ISO/IEC 27001: 2013 standard and the MAGERIT methodology, in order to determine if there is a safe environment for the systems. information and services they offer.