A proposal for the management of the information security applied to a Colombian public entity
- Authors:
- Resource type:
- Journal article
- Publication date:
- 2019
- Institution:
- Universidad Católica de Pereira
- Repository:
- Repositorio Institucional - RIBUC
- Language:
- spa
- OAI Identifier:
- oai:repositorio.ucp.edu.co:10785/9988
- Online access:
- https://revistas.ucp.edu.co/index.php/entrecienciaeingenieria/article/view/1136
http://hdl.handle.net/10785/9988
- Keyword:
- Rights
- openAccess
- License
- Copyright 2019 Entre Ciencia e Ingeniería
Summary: Information is today considered one of the most important resources in organizations, not only as a fundamental input to processes but also as a resource that, when properly managed, makes it possible to define organizational strategies. The public sector has been no exception, especially where the protection of information is concerned. This article presents a case of applying information security management in a public entity, using, after a review of the literature, four international information security standards (ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO/IEC 27003:2010 and ISO/IEC 27005:2008) and their contextualization in Colombia, based on the guidelines laid down by the Ministry of Information Technologies. The result was the development of a methodology adjusted to the needs of the public entity, with risk management and controls, and relevant indicators and parameters to reduce uncertainty in the management of information. The contributions of this work relate to the integration of international information security standards and their contextualization in a government setting, responding to regulatory requirements and, once implemented, providing a relevant methodological development that allows the public organization to carry out information security management processes continuously.