The information security management system under the NTE ISO / IEC 27001 standard in Institutions of Higher Education (Ecuador). (Original)
Keywords:
structure; procedures; information systems; vulnerabilities
Abstract
This study describes a methodology for an Information Security Management System (ISMS) for higher education institutions in Ecuador under the NTE INEN-ISO/IEC 27001 standard, intended to be useful at the time of its application and to facilitate the development of the phases of the PHVA cycle (Plan, Do, Verify and Act) at the institutional level. The State Technical University of Quevedo (STUQ) was taken as the reference case: the key processes of the case study university were identified, together with the information assets and controls that contextualize the scope of the ISMS according to ISO 27001 and that will allow STUQ to organize, design and systematically manage its ISMS, propose strategies for change and improvement, and value and safeguard its assets against possible risks and vulnerabilities. Finally, the contribution of this study is a proposal for the implementation of the Information Security Management System at STUQ, comprising a series of policies and procedures that take the identified findings into account: procedures for organizing the structure, an awareness and training plan, specific information security policies, and a business continuity plan. These must be implemented in order to improve the levels of confidentiality, integrity and availability of STUQ's information.