dc.contributor.advisor | Ledesma Álvarez, Gerson Damacio | |
dc.contributor.author | Paz Caicedo, Michelle María | |
dc.date.accessioned | 2023-05-29T14:00:45Z | |
dc.date.available | 2023-05-29T14:00:45Z | |
dc.date.issued | 2023 | |
dc.identifier.uri | http://dspace.utb.edu.ec/handle/49000/13999 | |
dc.description | The present research work named "Diagnosis and structure of good practices in information security management based on the ISO / IEC 27001 standard for the company Avcamnet S.A in Babahoyo". The main objective of this research is to evaluate the application of good information security practices based on the ISO / IEC 27001 standard in AVCAMNET S.A. Methods such as documentary or bibliographical research were used, with a qualitative approach that allows the author to adequately understand the company's computer system, so that they agree to collect and analyze relevant information, including the review of specialized literature and the study of practical cases. Through the execution of the interview, the current situation of the control domains was determined, the compliance evaluation and the percentage of each control with respect to the total number of controls necessary in the domain was estimated. It can be noted that it only complies with 21.4% of the procedures and policies related to the security of the information it possesses. This indicates that it does not meet 78.6% of the control requirements. The company does not have a formal internal control for information management, but efforts are underway to implement it. It was concluded that the security control of the APS system information is carried out through questionnaires and the information is secured through the assignment of profiles and access control. | es_ES |
dc.description | The present research work named "Diagnosis and structure of good practices in information security management based on the ISO / IEC 27001 standard for the company Avcamnet S.A in Babahoyo". The main objective of this research is to evaluate the application of good information security practices based on the ISO / IEC 27001 standard in AVCAMNET S.A. Methods such as documentary or bibliographical research were used, with a qualitative approach that allows the author to adequately understand the company's computer system, so that they agree to collect and analyze relevant information, including the review of specialized literature and the study of practical cases. Through the execution of the interview, the current situation of the control domains was determined, the compliance evaluation and the percentage of each control with respect to the total number of controls necessary in the domain was estimated. It can be noted that it only complies with 21.4% of the procedures and policies related to the security of the information it possesses. This indicates that it does not meet 78.6% of the control requirements. The company does not have a formal internal control for information management, but efforts are underway to implement it. It was concluded that the security control of the APS system information is carried out through questionnaires and the information is secured through the assignment of profiles and access control. | es_ES |
dc.description.abstract | El presente trabajo de investigación con nombre "Diagnóstico y estructura de las buenas prácticas en la gestión de la seguridad de la información basados en la norma ISO /IEC 27001 para la empresa Avcamnet S.A en Babahoyo". El objetivo principal de esta investigación es evaluar la aplicación de las buenas prácticas de seguridad de la información basadas en la norma ISO / IEC 27001 en AVCAMNET S.A. Se utilizaron métodos como la investigación documental o bibliográfica, con un enfoque cualitativo permite al autor comprender de manera adecuada el sistema informático de la empresa, que accedan recopilar y analizar información relevante, incluyendo la revisión de la literatura especializada y el estudio de casos prácticos. Mediante la ejecución de la entrevista se determinó la situación actual de los dominios de control, la evaluación del cumplimiento y se estima el porcentaje de cada control respecto al número total de controles necesarios en el dominio. Se puede notar que solamente cumple con el 21,4% de los procedimientos y políticas relacionado con la seguridad de la información que posee. Esto indica que no cumple con el 78,6% de los requisitos de control. La empresa no cuenta con un control interno formal para la gestión de la información, pero se están llevando a cabo esfuerzos para implementarlo. Se concluyó que el control de seguridad de la información de sistema APS se realiza mediante cuestionarios y se asegura la información mediante la asignación de perfiles y control de accesos. | es_ES |
dc.format.extent | 37 p. | es_ES |
dc.language.iso | es | es_ES |
dc.publisher | Babahoyo: UTB-FAFI. 2023 | es_ES |
dc.rights | Atribución-NoComercial-SinDerivadas 3.0 Ecuador | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/3.0/ec/ | * |
dc.subject | Diagnostico | es_ES |
dc.subject | Norma ISO | es_ES |
dc.subject | Control interno | es_ES |
dc.subject | Gestión | es_ES |
dc.subject | Evaluación | es_ES |
dc.subject | Cumplimiento | es_ES |
dc.title | Diagnóstico y estructura de las buenas prácticas en la gestión de la seguridad de la información basados en la norma ISO /IEC 27001 para la Empresa Avcamnet S.A en Babahoyo. | es_ES |
dc.type | bachelorThesis | es_ES |