Bases for the Implementation of the Information Security Management System at Ingenio Pichichí S.A.
Ramírez Reyes, Héctor Hernán
This article presents the results of the research project "Bases for the Implementation of the Information Security Management System at Ingenio Pichichí S.A.", which arose from the need to measure and analyze the information security incidents that occur, specifically with regard to the probable risk to the confidentiality, availability and integrity of the data. The objective of the investigation was to establish the bases for an Information Security Management System that guarantees the confidentiality, availability and integrity of the data of Ingenio Pichichí S.A. under the criteria of ISO/IEC 27001:2013. To diagnose the current state of the organization, an existing instrument was used; to define the policy, its constituent elements were identified from the referenced standard; and for the risk assessment, a matrix was prepared for risk treatment. The diagnosis showed a very low level of implementation for the company, but the measurement makes it possible to design specific actions. The information security policy was constituted as a statement of the responsibilities and accepted behavior needed to maintain a safe environment in the study unit, and it establishes guidelines for the safe handling of information. Once the probability and financial impact of each risk were defined, the risk map was obtained: the risks are mainly concentrated in the zone of high probability and moderate financial impact, with a second concentration in the zone of moderate probability and moderate financial impact.