Implementación de un sistema de gestión de Seguridad de la información, aplicado a los Riesgos asociados a los activos de información En la empresa Net – Consultores S.A.C.
Descripción del Articulo
The following research is made for NET CONSULTORES enterprise SAC, which implement security control policies to protect information; improving client’s services, offering quality and efficiency in service to assure business continuing. The following research has as main objective to design an SGSI s...
| Autor: | |
|---|---|
| Formato: | tesis de grado |
| Fecha de Publicación: | 2016 |
| Institución: | Universidad Nacional de San Martin - Tarapoto |
| Repositorio: | UNSM-Institucional |
| Lenguaje: | español |
| OAI Identifier: | oai:repositorio.unsm.edu.pe:11458/1769 |
| Enlace del recurso: | http://hdl.handle.net/11458/1769 |
| Nivel de acceso: | acceso abierto |
| Materia: | Políticas de seguridad Políticas de control Inventarios Gestión de riesgos |
| Sumario: | The following research is made for NET CONSULTORES enterprise SAC, which implement security control policies to protect information; improving client’s services, offering quality and efficiency in service to assure business continuing. The following research has as main objective to design an SGSI system with NET consulters under ISO/IEC 27001 Standard aiming to classify information, identify weaknesses and menace to the communication area; value risks defining security control and policies based on it, which would be manage by the company, procedure instructions and documentation that must be developed during the process in order to implement SGCI system, under PDCA (Planning, Doing, Control and Acting). As a first step, observation for information gathering must be done and also interview technic to let have a general idea of security management on the organization. After, a risk analysis step by step developing the assets inventory is done, quality value of assets, menaces identification, assets safeguard identification, valuation and evaluation of risks and its report which let identify the most relevant risks where the company is exposed. Following is defining security control and policies which will contribute in less incidence of risk in the communication area empower security that will be reflected in the company and its clients giving nimble, efficient, and accurate services. Finally, the first phase of implementation is done, consisting on a risk management plan where it is specifying how the risk must be control, selecting the controls, the responsible and the time, ready to be used by the company |
|---|
Nota importante:
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
