Por favor, use este identificador para citar o enlazar este ítem: http://dspace.udla.edu.ec/handle/33000/8282
Tipo de material : masterThesis
Título : Propuesta de un modelo de gestión para mejorar la capacidad de gestión de la seguridad de la información de una institución financiera del sector público
Autor : Puga Hermosa, Cecilia del Pilar
Tutor : Coronel Hoyos, Katalina del Rocío
Palabras clave : TECNOLOGÍAS DE COMUNICACIÓN E INFORMACIÓN;SEGURIDAD INFORMÁTICA;SISTEMA FINANCIERO;FINANZAS PÚBLICAS
Fecha de publicación : 2017
Editorial : Quito: Universidad de las Américas, 2017
Citación : Puga Hermosa, C. P. (2017). Propuesta de un modelo de gestión para mejorar la capacidad de gestión de la seguridad de la información de una institución financiera del sector público (Tesis de maestría). Universidad de las Américas, Quito.
Resumen : Al ser la información un recurso clave para las empresas y por el papel que juega la tecnología desde el momento en que la información se crea hasta que se destruye, la necesidad de proteger la información y los activos de TI de continuas amenazas a través de la mitigación de riesgos se vuelve imprescindible...
Descripción : Information as a key resource for companies and by the role played by technology from the moment the information is created until it is destroyed; the need to protect information and its assets from threats through risk mitigation becomes indispensable. To ensure the security of the information be managed correctly, you must make use of a systematic, documented and known process throughout the Organization, from a business risk approach, that is an ISMS (Information Security Management System). The present research focuses on proposing a management model to improve the management capacity of the information security of a public financial institution, that contributes to the implementation of its strategic objectives, through the adoption of specific standards and three practices (COBIT 5, ITIL v3, ISO 27001:2013), which are being widely adopted at a global level and should be implemented on the basis of the Government Information Security Plan (EGSI) developed in September 2013 through the Agreement Ministerial 166. The Chapter 1, “Introduction and theoretical framework”, outlines the objectives to be achieved with research based on the background and the potential problems identified in the management of the information security of the financial institution, as well as a brief description of the concepts that will be useful throughout the document. The Chapter 2, “Analysis of the current situation”, discusses the context of the financial institution through its mission, principles and values, strategic objectives and organizational structure that can affect the ability to achieve the results expected of its information security management system; this is an initial diagnosis on the basis of the results of the audits carried out between the years 2010 and 2014 and the recurring problems of categorizing them based on the level of impact. The Chapter 3, “Analysis of causes root and the gap identification with the best practices “, is a diagnosis of the current situation of the institution in relation to the information security that will serve as a baseline for the implementation of the proposed model. The Chapter 4,"Model of implementation of the information security management system" proposes a model that achieves excellence through continuous improvement, based on the standard ISO27001:2013 that has embedded the PDCA cycle, or Demings cycle. The Chapter 5, “Conclusions and recommendations”, finally issues a series of conclusions and recommendations of this study.
URI : http://dspace.udla.edu.ec/handle/33000/8282
Aparece en las colecciones: Maestría en Gerencia de Sistemas y Tecnologías de la Información

Ficheros en este ítem:
Fichero Descripción Tamaño Formato  
UDLA-EC-TMGSTI-2017-21.pdf3,06 MBAdobe PDFVisualizar/Abrir


Este ítem está sujeto a una licencia Creative Commons Licencia Creative Commons Creative Commons