El texto completo de este trabajo no está disponible en el Repositorio Académico UPC por restricciones de la casa editorial donde ha sido publicado. / This paper proposes an information security risk management model that allows mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: 1. Inventory the information assets of the company, to conduct the risk analysis of each one; 2. Evaluate treatment that should be given to each risk, 3. Once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the creation of a model that integrates a standard of risk management across the company with a standard of IS indicators to validate compliance, adding as a contribution the results of implementation in a specific environment. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk, after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment. / Revisión por pares
Identifer | oai:union.ndltd.org:PERUUPC/oai:repositorioacademico.upc.edu.pe:10757/656577 |
Date | 01 June 2020 |
Creators | Garay, Daniel Felipe Carnero, Marcos Antonio, Carbajal Ramos, Armas-Aguirre, Jimmy, Molina, Juan Manuel Madrid |
Publisher | IEEE Computer Society |
Source Sets | Universidad Peruana de Ciencias Aplicadas (UPC) |
Language | English |
Detected Language | English |
Type | info:eu-repo/semantics/article, info:eu-repo/semantics/article |
Format | application/html |
Source | Repositorio Academico - UPC, Universidad Peruana de Ciencias Aplicadas (UPC), Iberian Conference on Information Systems and Technologies, CISTI, 2020-June |
Rights | info:eu-repo/semantics/embargoedAccess |
Relation | https://ieeexplore.ieee.org/document/9140980 |
Page generated in 0.0022 seconds