Extensión Cañar - Ingeniería de Sistemas
URI permanente para esta colecciónhttps://dspace.ucacue.edu.ec/handle/ucacue/12706
Examinar
Examinando Extensión Cañar - Ingeniería de Sistemas por Asesores "Carrillo Zenteno, Jose Antonio"
Mostrando 1 - 3 de 3
- Resultados por página
- Opciones de ordenación
Ítem Acceso Abierto Desarrollo de un Plan de Continuidad para el Departamento de TIC en el Municipio de Cañar(Universidad Católica de Cuenca campus Cañar, 2024) Guasco Loja, Luis Francisco; Carrillo Zenteno, Jose Antonio; 0302291703This research aims to develop a business continuity plan for the Department of Information and Communication Technologies (ICT) of the Municipality of Cañar. The research addresses the importance of having a structured plan for mitigate the risks associated with the municipality's critical processes. An analysis of the risks using the MAGERIT methodology, which allows to identify threats and vulnerabilities of the municipality's technological assets. Based on this analysis, propose countermeasures and safeguards to mitigate the identified risks. The study is based on the ISO 22301 standard, which provides a framework for creating management plans business continuity plans focused on organizational resilience. Although the business continuity plan continuity is not implemented in this research, a management model is proposed that can be adopted by the municipality to strengthen its technological infrastructure and ensure operational continuity in the event of incidents. In addition, the importance of to create an organizational culture that prioritizes security and continuity of services municipal, involving all stakeholders in the planning process. The Application of the ISO 22301 standard and risk analysis with MAGERIT are essential to establish a robust plan adapted to the specific needs of the Municipality of Cañar, ensuring the protection and recovery of critical services in emergency situations adverse. Keywords: continuity plan, ICT, municipality of Cañar, ISO 22301, risk management.Ítem Acceso Abierto Manual de Procesos para el Departamento de TI de la Empresa EMMAIPC-EP basado en COBIT 2019(Universidad Católica de Cuenca campus Cañar, 2024) Mullo Cepeda, Brandon Stalyn; Carrillo Zenteno, Jose Antonio; 0302689534The present research work titled "Development of a Process Manual for the IT Department Based on COBIT 2019 at EMMAIPC-EP" aims to create a proposal for a process manual for the IT department to standardize and optimize operational and technological management processes. This manual seeks to improve the efficiency and effectiveness of IT management by aligning processes with the organization's strategic objectives and ensuring compliance with international regulations and standards. The starting point was an analysis of key concepts related to IT governance and management, as well as a thorough review of the domains and processes proposed by COBIT 2019, including goal cascading and the assessment of the maturity level of the current processes in the IT department of EMMAIPC-EP. Subsequently, a diagnosis of the current state of the department was carried out, identifying key areas that require improvement and alignment with the company's strategic objectives. Based on these findings, critical services and processes that need to be documented and standardized in the manual were established, specifying the function, responsible parties, and execution guidelines for each process, in accordance with the best practices recommended by COBIT 2019. Keywords: COBIT 2019, Process Manual, Process ManagementÍtem Acceso Abierto Propuesta para la Implementación de Sistemas de Gestión de Riesgos de TI para la Cooperativa Yuyay Ltda(Universidad Católica de Cuenca campus Cañar, 2024) Yupa Chimbo, Verónica Janeth; Carrillo Zenteno, Jose Antonio; 0350152534This thesis proposes the implementation of an IT Risk Management System in the YUYAY Ltda. savings and loan union to strengthen information security and ensure the operational continuity of the cooperative in an increasingly digitized environment. Through a solid theoretical framework, the critical concepts of IT risk management are identified, and the current state of the information systems and the technological infrastructure of the cooperative is also diagnosed. The methodology used in this research follows a mixed approach, combining both qualitative and quantitative analysis. Information is collected through key personnel interviews, and risk analysis matrices are used to assess vulnerabilities and threats affecting critical assets. Subsequently, mitigation strategies are designed based on the principles of the ISO 31000 standard, proposing security controls, incident response plans, and recommendations for continuous risk monitoring. The thesis aims to provide a comprehensive solution that allows the cooperative to efficiently manage its technological risks, guaranteeing the protection of its information assets and maintaining alignment with its strategic objectives. It ensures the integrity, confidentiality, and availability of the systems, strengthening the ability to face security incidents and safeguard the operation. Keywords: assets, ISO 31000, risk management, threats
