Guide for Conducting an Audit of the Information Security Management System Developed under NTC-ISO/IEC 27001:2013
- Authors:
- Guzmán Díaz, Jorge Mario
- Resource type:
- Thesis
- Publication date:
- 2023
- Institution:
- Universidad Antonio Nariño
- Repository:
- Repositorio UAN
- Language:
- spa
- OAI Identifier:
- oai:repositorio.uan.edu.co:123456789/8175
- Online access:
- http://repositorio.uan.edu.co/handle/123456789/8175
- Keywords:
- Management System
Security
Information
information assets
security controls
657
7.23 G993g
Information Security
Management System
information
information security
controls
- Rights
- closedAccess
- License
- Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)
Summary: An Information Security Management System (ISMS) is crucial for protecting an organization's information assets. To effectively implement it, risks must be identified and evaluated, appropriate policies and procedures established, and clear responsibilities assigned. The NTC-ISO/IEC 27001 (ICONTEC, 2013), COBIT5, or MAGERIT standards can be employed for its implementation. The audit of the ISMS, based on ISO/IEC 27007 (ISO, 2020), assesses compliance and effectiveness through documentation review, interviews, and technical testing.