期刊名称:IAENG International Journal of Computer Science
印刷版ISSN:1819-656X
电子版ISSN:1819-9224
出版年度:2021
卷号:48
期号:2
语种:English
出版社:IAENG - International Association of Engineers
摘要:In an era of globalization, in which technology has allowed the development of companies to be promoted, data and information become essential assets in organizations, which are exposed to hackers, computer viruses, cyber espionage, and infrastructure failures are some of the problems organizations face daily. In this work, we aim to present a model of an information security management system, aligned with the NTC-ISO/IEC 27001:2013 standard, which applies to any organization and allows them to know their current status regarding the information security. Also, the proposed model will enable organizations to implement systemically and adequately controls, procedures, and policies required to preserve the integrity, confidentiality, and integrity of information assets. The model has been applied to an organization that provides technical information management and administration services in the hydrocarbon sector. The results of using the model in this organization, allowed to define its security structure, information security policies, and resources required to certify its management system. Additionally, information assets, technical vulnerabilities, and risks applied to all processes were identified.