Implementation plan of the information security management system based on the NTC-ISO-IEC 27001:2013 standard and security risk analysis. Case study: Higher education institution
| dc.contributor.author | Hernandez Collante, Leonel | eng |
| dc.contributor.author | Pranolo, Andri | eng |
| dc.contributor.author | Prasetya Wibawa, Aji | eng |
| dc.date.accessioned | 2024-12-24 00:00:00 | |
| dc.date.available | 2024-12-24 00:00:00 | |
| dc.date.issued | 2024-12-24 | |
| dc.description.abstract | This research was carried out to generate an implementation plan for the information security management system based on the NTC-ISO-IEC 27001:2013 standard and a security risk analysis at the IUB university institution. The meaning of security has broadened over time due to technological advances and the introduction of new information systems, which in turn generate new security challenges. Likewise, the instruments that guarantee the confidentiality, integrity, and availability of information have become a fundamental strategy for ensuring the security of public and private organizations. The preparation of this plan follows a methodological cycle that sets out a series of phases and their corresponding activities for implementing the ISO 27001:2013 ISMS, with procedural characteristics that support the entire implementation process from beginning to end, facilitating due process and continuity. Likewise, the information security risk plan, on which significant progress has already been made, is analysed. The result of this cycle is a plan with a schedule of activities so that the organization engages all of its personnel in compliance with the standard, raises awareness of the importance of information security, and carries out the activities in phases that, within the stipulated times, will bring the ISMS into full operation. | eng |
| dc.format.mimetype | application/pdf | eng |
| dc.identifier.doi | 10.32397/tesea.vol5.n2.635 | |
| dc.identifier.eissn | 2745-0120 | |
| dc.identifier.url | https://doi.org/10.32397/tesea.vol5.n2.635 | |
| dc.language.iso | eng | eng |
| dc.publisher | Universidad Tecnológica de Bolívar | eng |
| dc.relation.bitstream | https://revistas.utb.edu.co/tesea/article/download/635/429 | |
| dc.relation.citationedition | Núm. 2, Año 2024: Transactions on Energy Systems and Engineering Applications | eng |
| dc.relation.citationendpage | 20 | |
| dc.relation.citationissue | 2 | eng |
| dc.relation.citationstartpage | 1 | |
| dc.relation.citationvolume | 5 | eng |
| dc.relation.ispartofjournal | Transactions on Energy Systems and Engineering Applications | eng |
| dc.relation.references | [1] Luis Enrique. El gasto mundial en TI crecerá un 8% en 2024 según Gartner, Feb 2024. [2] Giovanna Culot, Guido Nassimbeni, Matteo Podrecca, and Marco Sartor. The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda. The TQM Journal, 33(7):76–105, Mar 2021. [3] Yasmin Kamil, Sofia Lund, and M Sirajul Islam. Information security objectives and the output legitimacy of ISO/IEC 27001: stakeholders' perspective on expectations in private organizations in Sweden. Information Systems and e-Business Management, 21(3):699–722, Aug 2023. [4] Lukas Grenefalk and Norén Wallin. Security management: Investigating the challenges and success factors in implementation and maintenance of information security management systems, 2023. [5] Heru Susanto, Mohammad Nabil Almunawar, and Yong Chee Tuan. Information security challenge and breaches: novelty approach on measuring ISO 27001 readiness level. International Journal of Engineering and Technology, 2(1):67–75, 2012. [6] Carol Hsu, Tawei Wang, and Ang Lu. The Impact of ISO 27001 Certification on Firm Performance. Jan 2016. [7] ISO 27001 - Certificado ISO 27001 punto por punto - Presupuesto Online, 2017. [8] Jangirala Srinivas, Ashok Kumar Das, and Neeraj Kumar. Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92:178–188, Oct 2018. [9] Universidad del Atlántico. Sistema de gestión de seguridad de la información - Universidad del Atlántico, July 2024. Accessed: 2024-07-07. [10] Gestion Web. La UPTC, única universidad pública latinoamericana que ha conseguido la ISO 20000 y 2700, Apr 2016. [11] Mosquera C. Resolución Rectoral Creación SGSI Universidad Distrital Francisco Jose De Caldas, 2015. [12] KPMG. CIO Survey 2018: Insights for technology leaders in Colombia, June 2018. Accessed: 2023-07-07. [13] La Ciberseguridad en el Día Internacional de la Seguridad de la Información - 30 de noviembre 2022, 2022. [14] Universidad del Rosario. Ciberataques en Colombia ¿está Colombia preparada para uno?, July 2024. Accessed: 2024-07-07. [15] Ivanti. CISO priorities shift: Navigating changes post-pandemic, July 2024. Accessed: 2024-07-07. [16] O. R. Martínez. Marco para el Gobierno de la Seguridad de la Información en servicios Cloud Computing. PhD thesis, Universidad de Castilla - La Mancha, 2014. [Online]. [17] J. D. Camargo Ramirez. Diseño de un sistema de gestión de la seguridad de la información (SGSI) en el área tecnológica de la Comisión Nacional del Servicio Civil - CNSC basado en la norma ISO27000 e ISO27001, 2017. [Online]. [18] J. A. Guaman Seis. Diseño de un Sistema de Gestión de Seguridad de la Información para Instituciones Militares. PhD thesis, Escuela Politécnica Nacional, Quito, 2015. [19] Erick Guerra, Harold Neira, Jorge L. Díaz, and Janns Patiño. Desarrollo de un sistema de gestión para la seguridad de la información basado en metodología de identificación y análisis de riesgo en bibliotecas universitarias. Información tecnológica, 32(5):145–156, Oct 2021. [20] F. Becerra and A. Villamil. Diseño de procedimientos de gestión de usuarios y gestión del cambio en el sistema Kactus-HR aplicando ISO 27001. Master's thesis, Universidad Distrital Francisco Jose de Caldas, 2019. [21] B. Gambin and L. Carreño. Marco de trabajo para la gestión de la seguridad de los sistemas de información en la universidad pública colombiana - caso de estudio Universidad del Magdalena. Master's thesis, Universidad del Norte, 2017. [22] R. Betancourt, P. Monroy, and J. Davila. Implementación de sistemas de control de la información en el SENA regional Tolima, 2015. [Online]. [23] R. Aguirre and A. Zambrano. Estudio para la implementación del sistema de gestión de seguridad de la información para la Secretaría de Educación Departamental de Nariño basado en la norma ISO/IEC 27001, 2015. [Online]. [24] Jorge Merchan-Lima, Fabian Astudillo-Salinas, Luis Tello-Oquendo, Franklin Sanchez, Gabriel Lopez-Fonseca, and Dorys Quiroz. Information security management frameworks and strategies in higher education institutions: a systematic review. Annals of Telecommunications, 76(3-4):255–270, Jul 2020. [25] Antonio Fernández, Beatriz Gómez, Kleona Binjaku, and Elinda Kajo Meçe. Digital transformation initiatives in higher education institutions: A multivocal literature review. Education and Information Technologies, 28(10):12351–12382, Mar 2023. [26] L. A. Mutchler and M. Hines. Effective practices in implementing ISMS in higher education: A case study. Education and Information Technologies, 2018. [27] J. El-Khoury and C. Kesserwan. Digital transformation and IT governance in higher education: A case study. International Journal of Education and Development Using Information and Communication Technology, 2018. [28] N. Ismail and A. N. Zainab. Implementation of information security management system framework in public universities. Journal of Information Systems Research and Innovation, 2018. [29] F. A. Aloul and S. Zhioua. Compliance challenges for ISMS in higher education. Journal of Information Security and Applications, 2020. [30] G. Tarekegn. Information security management in higher education institutions in developing countries. Journal of Information Security, 2019. [31] O. A. Fonseca-Herrera, A. E. Rojas, and H. Florez. A model of an information security management system based on NTC-ISO/IEC 27001 standard. IAENG International Journal of Computer Science, 48(2):1–10, 2021. [32] Pangondian Prederikus, Stefan Gendita Bunawan, Ford Lumban Gaol, Tokuro Matsuo, and Andi Nugroho. Standard analysis of document control as information according to ISO 27001:2013 in PT XYZ. Lecture Notes in Networks and Systems, pages 721–732, 2022. [33] Rúsbel Domínguez-Domínguez, Omar A. Flores-Laguna, and del Valle-López. Evaluation of an information security management system at a Mexican higher education institution, 2023. [34] Zaydi Mounia and Nassereddine Bouchaib. A new comprehensive solution to handle information security governance in organizations. Proceedings of the 2nd International Conference on Networking, Information Systems Security, pages 1–5, Mar 2019. [35] Adrian Ellison. How to prepare and protect your institution against a future cybersecurity attack, July 2024. Accessed: 2024-07-08. [36] BSI Case Study Fredrickson International. How Fredrickson has reduced third party scrutiny and protected its reputation with ISO 27001 certification, 2024. [Online]. [37] Inprosec. Caso de Éxito: Adaptación a la ISO 27001 (Gradiant) - Inprosec, July 2024. Accessed: 2024-07-09. [38] A. Aguilar, T. Velásquez Pérez, and Silva. Information security model. Case study higher education institution. Journal of Physics Conference Series, 1257(1):012014, Jun 2019. [39] Ehsan Samiei and Jafar Habibi. Toward a Comprehensive IT Management Methodology. IEEE Engineering Management Review, 50(1):168–185, Dec 2021. [40] Felipe Andrés Corredor-Chavarro, Diana Cristina Franco-Mora, and Diego Izquierdo-Dussan. Implementation of cybersecurity risk analysis systems in Colombia. Visión electrónica, 2(2):334–342, Dec 2019. | eng |
| dc.rights | Leonel Hernandez Collante, Andri Pranolo, Aji Prasetya Wibawa - 2024 | eng |
| dc.rights.accessrights | info:eu-repo/semantics/openAccess | eng |
| dc.rights.coar | http://purl.org/coar/access_right/c_abf2 | eng |
| dc.rights.creativecommons | This work is licensed under a Creative Commons Attribution 4.0 International License. | eng |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0 | eng |
| dc.source | https://revistas.utb.edu.co/tesea/article/view/635 | eng |
| dc.subject | Implementation | eng |
| dc.subject | Security | eng |
| dc.subject | Information | eng |
| dc.subject | Risk | eng |
| dc.subject | Analysis | eng |
| dc.subject | ISMS | eng |
| dc.title | Implementation plan of the information security management system based on the NTC-ISO-IEC 27001:2013 standard and security risk analysis. Case study: Higher education institution | spa |
| dc.title.translated | Implementation plan of the information security management system based on the NTC-ISO-IEC 27001:2013 standard and security risk analysis. Case study: Higher education institution | spa |
| dc.type | Artículo de revista | spa |
| dc.type.coar | http://purl.org/coar/resource_type/c_6501 | eng |
| dc.type.coarversion | http://purl.org/coar/version/c_970fb48d4fbd8a85 | eng |
| dc.type.content | Text | eng |
| dc.type.driver | info:eu-repo/semantics/article | eng |
| dc.type.local | Journal article | eng |
| dc.type.version | info:eu-repo/semantics/publishedVersion | eng |