- ÍtemAcceso AbiertoPropuesta de un modelo de Gobierno de TI para la gestión estratégica de las cooperativas de ahorro y crédito del cantón Cañar, basado en Cobit 5(Universidad Católica de Cuenca campus Cañar, 2023) Lema Mullo, Johnson Neptali; Flores Urgiles, Cristhian Humberto; 0606223824The entitled thesis "PROPOSAL OF AN IT GOVERNANCE MODEL FOR THE STRATEGIC MANAGEMENT OF THE SAVINGS AND CREDIT COOPERATIVES OF CAÑAR CANTON, BASED ON COBIT 5" focuses on the need to establish an IT governance model for the savings and credit cooperatives of Cañar Canton. For this purpose, it focuses on meeting three key objectives: A) To conduct an exhaustive technical study on the domains, processes, and application of the COBIT 5 reference framework in the area of IT governance. COBIT 5 is an international framework of best practices used to manage and govern information technology effectively and aligned with the strategic objectives of an organization. B) To analyze the current state of the crucial business processes related to the IT department in financial institutions. This analysis made it possible to identify areas for improvement and existing gaps in IT management in these cooperatives. C) To build an IT governance model based on COBIT 5 specifically designed for financial institutions. The proposed COBIT 5-based IT governance model provides the necessary tools to achieve this improvement, and ensure adequate control of technical resources, operational efficiency and adaptability to change, all concerning international standards of good IT practices. Keywords: COBIT 5, IT governance, strategic management.
- ÍtemAcceso AbiertoAuditoría de la seguridad física y lógica de los servicios tecnológicos en el Gadipcs Suscal, usando como referencia la norma ISO/IEC 27002:2016(Universidad Católica de Cuenca campus Cañar, 2023) Zamora Pomaquiza, Diana Jakeline; Andrade Cárdenas, Danny Patricio; 030286774-2As part of the project, it is proposed to conduct a security audit covering both physical and logical aspects of the Autonomous Decentralized Intercultural and Participative Decentralized Government of the Suscal canton (GADIPCS by its Spanish acronym) technological systems. The primary purpose is to identify vulnerabilities that compromise the robustness of institutional technological services. The project began by establishing a theoretical framework with the items related to the research topic. Subsequently, the audit phases were defined and executed. In order to diagnose the current security posture of the municipality, an interview and a compliance test (Checklist) aligned to the ISO 27002 standard were applied. The checklist was used to assess adherence to security controls or policies. Based on the checklist, a risk matrix was developed to discern the levels of exposure resulting from the lack of implementation of specific controls. At the end of the assessment, an evaluation report was generated, specifying the observations identified and their corresponding suggestions for improvement. Keywords: ISO 27002 standard, risk matrix, security audit, vulnerabilities, audit phases.
- ÍtemEmbargoDesarrollo de un modelo de transformación digital para la Empresa Pública Municipal Mancomunada de aseo integral del Pueblo Cañarí Emmaipc-Ep del cantón Cañar(Universidad Católica de Cuenca campus Cañar, 2023) Pomavilla Zhinin, Luis Abrahan; Pinos Castillo, Luis Fernando; 0302233044Digital transformation is presented as an imperative to optimize the operational efficiency of organizations. In the case of EMMAIPC-EP, although there is a clear commitment to technological management, there are still significant challenges to face for its full digitization. Based on a survey, key departments, such as Management and Human Talent, were identified that would benefit from digitalized processes. The relationship with the customer and technological obsolescence are critical areas to address. However, the biggest challenge lies in data management and security. Through the SWOT analysis and the model of David L. Rogert, recommendations were proposed, focusing on training, technological updating, data management, process efficiency, organizational change, etc. These measures aim to strengthen the competitiveness and efficiency of EMMAIPC-EP on its journey towards digitization. Keywords: EMMAIPC-EP, SWOT, Digitization, Processes, Competitiveness
- ÍtemAcceso AbiertoPlanificación estratégica “PETI” para la Cooperativa de Ahorro y Crédito “Achik Inty” Ltda.(Universidad Católica de Cuenca campus Cañar, 2023) Tenelema Ganzhi, Carlos Geovanny; Pinos Castillo, Luis Fernando; 0302732243The purpose of this research project is to carry out an IT Strategic Plan for the "ACHIK INTY" Savings and Credit Cooperative, with the main objective of developing a strategic plan that guides the investment, implementation, and management of the cooperative's IT infrastructure and services, aligning them with the strategic objectives and needs of the organization. The research methodology is detailed in-depth, addressing aspects such as approach, level of research, and sources of information. The IT Strategic Plan proposal for ACHIK INTY Cooperative was developed in four phases, starting with an analysis of the current situation of the IT department. This included an assessment of the inventory of IT resources, the existing technology infrastructure, and a review of available institutional documentation. These steps will provide a solid foundation for formulating Information Technology (IT) strategies. A detailed schedule was designed to implement these IT strategies, detailing the activities to be developed, the estimated time for execution, the associated costs, and the risks inherent to each activity, thus developing a plan to manage and mitigate these risks effectively. Keywords: IT Strategic Plan, information technologies, IT strategy
- ÍtemEmbargoPropuesta de un modelo de madurez de ciberseguridad para Ecuador(Universidad Católica de Cuenca campus Cañar, 2023) Verdugo Crespo, Gerson Leonardo; Flores Urgiles, Cristhian Humberto; 0303016851ABSTRACT The purpose of this article is to propose a cybersecurity maturity model adapted to the needs and characteristics of Ecuador, which will allow the evaluation and improvement of cybersecurity capacity in organizations, government agencies and critical infrastructures in the country. The Model is called Cybersecurity Maturity Model of Ecuador (CMME), and the main objectives are; Develop a cybersecurity maturity model, with a proposal for the Ecuadorian State, determining its domains, maturity levels, functions and categories based on recognized standards and reference frameworks, which when applied allows establishing and evaluating cybersecurity in the country , a survey of documentary information will be carried out on the models and reference frameworks that will allow establishing the steps that must be followed for its preparation. In addition to developing a reference framework for future projects on cybersecurity maturity models for nations. To propose the following model, the ISO 27001 standard and three fundamental cybersecurity frameworks were studied, such as: CMM (Cybersecurity Capacity Maturity Model for Nations), C2M2 (Cybersecurity Capacity Maturity Model for Organizations), and NIST CSF (National Institute of Standards). and Technology) (Cybersecurity Framework), to which two types of comparative analysis were carried out to obtain the phases presented below, and evaluation of cybersecurity capabilities in Ecuador. Following the phases proposed in this article, it was possible to develop three of the six planned, which are: Analysis of the Ecuadorian Context, Definition of Objectives and Development of the Model, the three missing ones were not developed since being a proposal it cannot be test, implement, evaluate and therefore improve. In conclusion, it was possible to develop a cybersecurity maturity model, with its domains and subdomains, establish the maturity levels, functions and category that will serve as a reference when evaluating Ecuador's cybersecurity capacity, in addition to serving as a guide for the development of other cybersecurity frameworks for nations. KEYWORDS Cybersecurity, Maturity Model, Ecuador, Technology, CMM, C2M2, NIST CSF.