Examinando por Autor "Zamora Pomaquiza, Diana Jakeline"
Mostrando 1 - 1 de 1
- Resultados por página
- Opciones de ordenación
Ítem Acceso Abierto Auditoría de la seguridad física y lógica de los servicios tecnológicos en el Gadipcs Suscal, usando como referencia la norma ISO/IEC 27002:2016(Universidad Católica de Cuenca campus Cañar, 2023) Zamora Pomaquiza, Diana Jakeline; Andrade Cárdenas, Danny Patricio; 030286774-2As part of the project, it is proposed to conduct a security audit covering both physical and logical aspects of the Autonomous Decentralized Intercultural and Participative Decentralized Government of the Suscal canton (GADIPCS by its Spanish acronym) technological systems. The primary purpose is to identify vulnerabilities that compromise the robustness of institutional technological services. The project began by establishing a theoretical framework with the items related to the research topic. Subsequently, the audit phases were defined and executed. In order to diagnose the current security posture of the municipality, an interview and a compliance test (Checklist) aligned to the ISO 27002 standard were applied. The checklist was used to assess adherence to security controls or policies. Based on the checklist, a risk matrix was developed to discern the levels of exposure resulting from the lack of implementation of specific controls. At the end of the assessment, an evaluation report was generated, specifying the observations identified and their corresponding suggestions for improvement. Keywords: ISO 27002 standard, risk matrix, security audit, vulnerabilities, audit phases.