Cybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controls
Descripción del Articulo
Due to the global pandemic that was experienced in 2020, the Small and Medium Enterprises (SMEs) sector in Peru chose to store all their information in cloud services. However, a 2021 Kaspersky study indicates that SMBs have few resources to implement security solutions to protect their information....
| Autores: | , , |
|---|---|
| Formato: | artículo |
| Fecha de Publicación: | 2023 |
| Institución: | Universidad Peruana de Ciencias Aplicadas |
| Repositorio: | UPC-Institucional |
| Lenguaje: | inglés |
| OAI Identifier: | oai:repositorioacademico.upc.edu.pe:10757/669501 |
| Enlace del recurso: | http://hdl.handle.net/10757/669501 |
| Nivel de acceso: | acceso embargado |
| Materia: | CFS NIST controls cyber-attacks Cybersecurity Framework ISO/IEC 27001 SMEs |
| id |
UUPC_ac1e950734b494c3a9ff3290adfca09f |
|---|---|
| oai_identifier_str |
oai:repositorioacademico.upc.edu.pe:10757/669501 |
| network_acronym_str |
UUPC |
| network_name_str |
UPC-Institucional |
| repository_id_str |
2670 |
| dc.title.es_PE.fl_str_mv |
Cybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controls |
| title |
Cybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controls |
| spellingShingle |
Cybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controls Angelo Edu, Munoz Luyo CFS NIST controls cyber-attacks Cybersecurity Framework ISO/IEC 27001 SMEs |
| title_short |
Cybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controls |
| title_full |
Cybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controls |
| title_fullStr |
Cybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controls |
| title_full_unstemmed |
Cybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controls |
| title_sort |
Cybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controls |
| author |
Angelo Edu, Munoz Luyo |
| author_facet |
Angelo Edu, Munoz Luyo Alexis, Garibay Palomino Lenis, Wong Portillo |
| author_role |
author |
| author2 |
Alexis, Garibay Palomino Lenis, Wong Portillo |
| author2_role |
author author |
| dc.contributor.author.fl_str_mv |
Angelo Edu, Munoz Luyo Alexis, Garibay Palomino Lenis, Wong Portillo |
| dc.subject.es_PE.fl_str_mv |
CFS NIST controls cyber-attacks Cybersecurity Framework ISO/IEC 27001 SMEs |
| topic |
CFS NIST controls cyber-attacks Cybersecurity Framework ISO/IEC 27001 SMEs |
| description |
Due to the global pandemic that was experienced in 2020, the Small and Medium Enterprises (SMEs) sector in Peru chose to store all their information in cloud services. However, a 2021 Kaspersky study indicates that SMBs have few resources to implement security solutions to protect their information. For this reason, this article proposes a cybersecurity framework composed of controls from ISO/IEC 27001 and the Cybersecurity Framework (CSF) of the National Institute of Standards and Technology (NIST) to mitigate cyber-threats against SMEs in Peru. The framework consists of 7 steps having as reference the Deming cycle (PDCA). For the implementation of the composite framework, we worked with 12 domains and 40 controls for a Peruvian SME in the technology sector. The results showed an increase in cybersecurity of 40 %, after applying the 40 controls, improving its level of maturity from the 'insufficient' state to a 'mature' state, according to the assessment given. |
| publishDate |
2023 |
| dc.date.accessioned.none.fl_str_mv |
2023-11-28T15:53:25Z |
| dc.date.available.none.fl_str_mv |
2023-11-28T15:53:25Z |
| dc.date.issued.fl_str_mv |
2023-01-01 |
| dc.type.es_PE.fl_str_mv |
info:eu-repo/semantics/article |
| format |
article |
| dc.identifier.issn.none.fl_str_mv |
21660727 |
| dc.identifier.doi.none.fl_str_mv |
10.23919/CISTI58278.2023.10211874 |
| dc.identifier.uri.none.fl_str_mv |
http://hdl.handle.net/10757/669501 |
| dc.identifier.eissn.none.fl_str_mv |
21660735 |
| dc.identifier.journal.es_PE.fl_str_mv |
Iberian Conference on Information Systems and Technologies, CISTI |
| dc.identifier.eid.none.fl_str_mv |
2-s2.0-85169811956 |
| dc.identifier.scopusid.none.fl_str_mv |
SCOPUS_ID:85169811956 |
| dc.identifier.isni.none.fl_str_mv |
0000 0001 2196 144X |
| identifier_str_mv |
21660727 10.23919/CISTI58278.2023.10211874 21660735 Iberian Conference on Information Systems and Technologies, CISTI 2-s2.0-85169811956 SCOPUS_ID:85169811956 0000 0001 2196 144X |
| url |
http://hdl.handle.net/10757/669501 |
| dc.language.iso.es_PE.fl_str_mv |
eng |
| language |
eng |
| dc.rights.es_PE.fl_str_mv |
info:eu-repo/semantics/embargoedAccess |
| eu_rights_str_mv |
embargoedAccess |
| dc.format.es_PE.fl_str_mv |
application/pdf |
| dc.publisher.es_PE.fl_str_mv |
IEEE Computer Society |
| dc.source.es_PE.fl_str_mv |
Repositorio Academico - UPC Universidad Peruana de Ciencias Aplicadas (UPC) |
| dc.source.none.fl_str_mv |
reponame:UPC-Institucional instname:Universidad Peruana de Ciencias Aplicadas instacron:UPC |
| instname_str |
Universidad Peruana de Ciencias Aplicadas |
| instacron_str |
UPC |
| institution |
UPC |
| reponame_str |
UPC-Institucional |
| collection |
UPC-Institucional |
| dc.source.journaltitle.none.fl_str_mv |
Iberian Conference on Information Systems and Technologies, CISTI |
| dc.source.volume.none.fl_str_mv |
2023-June |
| bitstream.url.fl_str_mv |
https://repositorioacademico.upc.edu.pe/bitstream/10757/669501/1/license.txt |
| bitstream.checksum.fl_str_mv |
8a4605be74aa9ea9d79846c1fba20a33 |
| bitstream.checksumAlgorithm.fl_str_mv |
MD5 |
| repository.name.fl_str_mv |
Repositorio académico upc |
| repository.mail.fl_str_mv |
upc@openrepository.com |
| _version_ |
1846065953345896448 |
| spelling |
34067589c2c0b0490a047857745e6873300cd3aa1b372b9202c0adf7140d97f5330300f5cbcca454e4405e48ccf537ae7f0274Angelo Edu, Munoz LuyoAlexis, Garibay PalominoLenis, Wong Portillo2023-11-28T15:53:25Z2023-11-28T15:53:25Z2023-01-012166072710.23919/CISTI58278.2023.10211874http://hdl.handle.net/10757/66950121660735Iberian Conference on Information Systems and Technologies, CISTI2-s2.0-85169811956SCOPUS_ID:851698119560000 0001 2196 144XDue to the global pandemic that was experienced in 2020, the Small and Medium Enterprises (SMEs) sector in Peru chose to store all their information in cloud services. However, a 2021 Kaspersky study indicates that SMBs have few resources to implement security solutions to protect their information. For this reason, this article proposes a cybersecurity framework composed of controls from ISO/IEC 27001 and the Cybersecurity Framework (CSF) of the National Institute of Standards and Technology (NIST) to mitigate cyber-threats against SMEs in Peru. The framework consists of 7 steps having as reference the Deming cycle (PDCA). For the implementation of the composite framework, we worked with 12 domains and 40 controls for a Peruvian SME in the technology sector. The results showed an increase in cybersecurity of 40 %, after applying the 40 controls, improving its level of maturity from the 'insufficient' state to a 'mature' state, according to the assessment given.Revisión por paresODS 9: Industria, Innovación e InfraestructuraODS 8: Trabajo Decente y Crecimiento EconómicoODS 12: Producción y Consumo Responsablesapplication/pdfengIEEE Computer Societyinfo:eu-repo/semantics/embargoedAccessRepositorio Academico - UPCUniversidad Peruana de Ciencias Aplicadas (UPC)Iberian Conference on Information Systems and Technologies, CISTI2023-Junereponame:UPC-Institucionalinstname:Universidad Peruana de Ciencias Aplicadasinstacron:UPCCFS NISTcontrolscyber-attacksCybersecurityFrameworkISO/IEC 27001SMEsCybersecurity framework for SMEs in Peru based on ISO/IEC 27001 and CSF NIST controlsinfo:eu-repo/semantics/articleLICENSElicense.txtlicense.txttext/plain; charset=utf-81748https://repositorioacademico.upc.edu.pe/bitstream/10757/669501/1/license.txt8a4605be74aa9ea9d79846c1fba20a33MD51false10757/669501oai:repositorioacademico.upc.edu.pe:10757/6695012024-07-20 04:29:49.725Repositorio académico upcupc@openrepository.comTk9URTogUExBQ0UgWU9VUiBPV04gTElDRU5TRSBIRVJFClRoaXMgc2FtcGxlIGxpY2Vuc2UgaXMgcHJvdmlkZWQgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seS4KCk5PTi1FWENMVVNJVkUgRElTVFJJQlVUSU9OIExJQ0VOU0UKCkJ5IHNpZ25pbmcgYW5kIHN1Ym1pdHRpbmcgdGhpcyBsaWNlbnNlLCB5b3UgKHRoZSBhdXRob3Iocykgb3IgY29weXJpZ2h0Cm93bmVyKSBncmFudHMgdG8gRFNwYWNlIFVuaXZlcnNpdHkgKERTVSkgdGhlIG5vbi1leGNsdXNpdmUgcmlnaHQgdG8gcmVwcm9kdWNlLAp0cmFuc2xhdGUgKGFzIGRlZmluZWQgYmVsb3cpLCBhbmQvb3IgZGlzdHJpYnV0ZSB5b3VyIHN1Ym1pc3Npb24gKGluY2x1ZGluZwp0aGUgYWJzdHJhY3QpIHdvcmxkd2lkZSBpbiBwcmludCBhbmQgZWxlY3Ryb25pYyBmb3JtYXQgYW5kIGluIGFueSBtZWRpdW0sCmluY2x1ZGluZyBidXQgbm90IGxpbWl0ZWQgdG8gYXVkaW8gb3IgdmlkZW8uCgpZb3UgYWdyZWUgdGhhdCBEU1UgbWF5LCB3aXRob3V0IGNoYW5naW5nIHRoZSBjb250ZW50LCB0cmFuc2xhdGUgdGhlCnN1Ym1pc3Npb24gdG8gYW55IG1lZGl1bSBvciBmb3JtYXQgZm9yIHRoZSBwdXJwb3NlIG9mIHByZXNlcnZhdGlvbi4KCllvdSBhbHNvIGFncmVlIHRoYXQgRFNVIG1heSBrZWVwIG1vcmUgdGhhbiBvbmUgY29weSBvZiB0aGlzIHN1Ym1pc3Npb24gZm9yCnB1cnBvc2VzIG9mIHNlY3VyaXR5LCBiYWNrLXVwIGFuZCBwcmVzZXJ2YXRpb24uCgpZb3UgcmVwcmVzZW50IHRoYXQgdGhlIHN1Ym1pc3Npb24gaXMgeW91ciBvcmlnaW5hbCB3b3JrLCBhbmQgdGhhdCB5b3UgaGF2ZQp0aGUgcmlnaHQgdG8gZ3JhbnQgdGhlIHJpZ2h0cyBjb250YWluZWQgaW4gdGhpcyBsaWNlbnNlLiBZb3UgYWxzbyByZXByZXNlbnQKdGhhdCB5b3VyIHN1Ym1pc3Npb24gZG9lcyBub3QsIHRvIHRoZSBiZXN0IG9mIHlvdXIga25vd2xlZGdlLCBpbmZyaW5nZSB1cG9uCmFueW9uZSdzIGNvcHlyaWdodC4KCklmIHRoZSBzdWJtaXNzaW9uIGNvbnRhaW5zIG1hdGVyaWFsIGZvciB3aGljaCB5b3UgZG8gbm90IGhvbGQgY29weXJpZ2h0LAp5b3UgcmVwcmVzZW50IHRoYXQgeW91IGhhdmUgb2J0YWluZWQgdGhlIHVucmVzdHJpY3RlZCBwZXJtaXNzaW9uIG9mIHRoZQpjb3B5cmlnaHQgb3duZXIgdG8gZ3JhbnQgRFNVIHRoZSByaWdodHMgcmVxdWlyZWQgYnkgdGhpcyBsaWNlbnNlLCBhbmQgdGhhdApzdWNoIHRoaXJkLXBhcnR5IG93bmVkIG1hdGVyaWFsIGlzIGNsZWFybHkgaWRlbnRpZmllZCBhbmQgYWNrbm93bGVkZ2VkCndpdGhpbiB0aGUgdGV4dCBvciBjb250ZW50IG9mIHRoZSBzdWJtaXNzaW9uLgoKSUYgVEhFIFNVQk1JU1NJT04gSVMgQkFTRUQgVVBPTiBXT1JLIFRIQVQgSEFTIEJFRU4gU1BPTlNPUkVEIE9SIFNVUFBPUlRFRApCWSBBTiBBR0VOQ1kgT1IgT1JHQU5JWkFUSU9OIE9USEVSIFRIQU4gRFNVLCBZT1UgUkVQUkVTRU5UIFRIQVQgWU9VIEhBVkUKRlVMRklMTEVEIEFOWSBSSUdIVCBPRiBSRVZJRVcgT1IgT1RIRVIgT0JMSUdBVElPTlMgUkVRVUlSRUQgQlkgU1VDSApDT05UUkFDVCBPUiBBR1JFRU1FTlQuCgpEU1Ugd2lsbCBjbGVhcmx5IGlkZW50aWZ5IHlvdXIgbmFtZShzKSBhcyB0aGUgYXV0aG9yKHMpIG9yIG93bmVyKHMpIG9mIHRoZQpzdWJtaXNzaW9uLCBhbmQgd2lsbCBub3QgbWFrZSBhbnkgYWx0ZXJhdGlvbiwgb3RoZXIgdGhhbiBhcyBhbGxvd2VkIGJ5IHRoaXMKbGljZW5zZSwgdG8geW91ciBzdWJtaXNzaW9uLgo= |
| score |
13.905282 |
Nota importante:
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
