Information security is one of the most important aspects in organizations that has been constantly developing, driven by advances in Information and Communication Technologies. It should be noted that such development also entails the constant identification of new threats that put at risk the Information Security within the organization, so it is important the implementation of a security model that would guarantee the security of computer assets in the process of integration of the Ministry of Telecommunications and the information society with a Public organization of Ecuador with the objective of ensuring the basic principles of Information Security: Integrity, availability and confidentiality. Therefore, using the ISO / IEC 27001 standard, the guidelines of the safety model were defined. It should be noted that for the implementation of the ISO / IEC 27001 standard, it was based on the Deming Cycle which based the analysis stages that were implemented in the security model. The result was a security model that allowed an early identification of risk and the establishment of corrective measures to mitigate it, based on the criticality analysis of the assets generated in the integration of organizations, the impact measurement generated from the involvement of an asset due to the materialization of a risk, among others. In addition, the defined security model was based on the implementation of the Deming cycle, resulting in a dynamic model for risk management.
|Title of host publication||Proceedings of the 2020 4th International Conference on Information System and Data Mining, ICISDM 2020|
|Publisher||Association for Computing Machinery|
|Number of pages||8|
|State||Published - 15 May 2020|
|Event||4th International Conference on Information System and Data Mining, ICISDM 2020 - Hilo, United States|
Duration: 15 May 2020 → 17 May 2020
|Name||ACM International Conference Proceeding Series|
|Conference||4th International Conference on Information System and Data Mining, ICISDM 2020|
|Period||15/05/20 → 17/05/20|
Bibliographical noteFunding Information:
The author thanks the Salesian Polytechnic University, Guayaquil Ecuador, Research Group "Computing, Security and Information Technology for a Globalized World" (CSITGW) established in accordance with resolution 142-06-2017-07 -19 and the Ministry Education, Science, Technology and Innovation (Senescyt).
© 2020 ACM.
Copyright 2020 Elsevier B.V., All rights reserved.
- Access Control
- Information Security
- Public Organizations
- Risk Management
- Security Model
- Security Policies