Implementation plan of the information security management system based on the NTC-ISO-IEC 27001:2013 standard and security risk analysis. Case study: Higher education institution

Resumen en inglés

This research was carried out to generate an implementation plan for the information security management system based on the NTC-ISO-IEC 27001:2013 standard and security risk analysis at the IUB university institution. The connotation of security has been extended over time due to technological advances and the introduction of new information systems, which simultaneously generate new security challenges. Likewise, the instruments to guarantee the confidentiality, integrity, and availability of information have become a fundamental strategy to ensure the security of public and private organizations. The preparation of this plan includes the methodological cycle, where they indicate a series of phases and their corresponding activities to implement the ISMS ISO 27001:2013, with procedural characteristics that support the entire implementation process from beginning to end, facilitating due process and continuity. Likewise, an analysis of the Information security risk plan is carried out, of which there is significant progress. The result of this cycle will be a plan with a schedule of activities so that the organization links all the personnel around compliance with the standard, raising awareness regarding the importance of information security and the development of activities in phases that, within the stipulated times, will be able to have the ISMS fully operational