El texto completo de este trabajo no está disponible en el Repositorio Académico UPC por restricciones de la casa editorial donde ha sido publicado. / This paper proposes an information security risk management model that allows mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: 1. Inventory the information assets of the company, to conduct the risk analysis of each one; 2. Evaluate treatment that should be given to each risk, 3. Once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the creation of a model that integrates a standard of risk management across the company with a standard of IS indicators to validate compliance, adding as a contribution the results of implementation in a specific environment. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk, after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment. / Revisión por pares
| Identifer | oai:union.ndltd.org:PERUUPC/oai:repositorioacademico.upc.edu.pe:10757/656577 |
| Date | 01 June 2020 |
| Creators | Garay, Daniel Felipe Carnero, Marcos Antonio, Carbajal Ramos, Armas-Aguirre, Jimmy, Molina, Juan Manuel Madrid |
| Publisher | IEEE Computer Society |
| Source Sets | Universidad Peruana de Ciencias Aplicadas (UPC) |
| Language | English |
| Detected Language | English |
| Type | info:eu-repo/semantics/article, info:eu-repo/semantics/article |
| Format | application/html |
| Source | Repositorio Academico - UPC, Universidad Peruana de Ciencias Aplicadas (UPC), Iberian Conference on Information Systems and Technologies, CISTI, 2020-June |
| Rights | info:eu-repo/semantics/embargoedAccess |
| Relation | https://ieeexplore.ieee.org/document/9140980 |
Page generated in 0.0017 seconds