Ingeniería de Sistemas
Permanent URI for this collection
Browse
Browsing Ingeniería de Sistemas by Subject "Análisis de Riesgo"
Now showing 1 - 1 of 1
Results Per Page
Sort Options
Item Análisis de Riesgo de la Seguridad Informática en la Organización Centro Misionero Bethesda(Universidad Santiago de Cali, 2019) García Bravo, Julio César; Dussan Clavijo, CiroNowadays, the used of Information Technologies –IT has an important role in companies, IT assets take on greater value to reach the business objectives, however, threats and vulnerabilities have increased with these technologies implementation, putting on risk the information systems and companies' IT assets, whereby the purpose of this document is to present the evaluation of vulnerabilities in IT infrastructure of the CMB, evidencing the potential threats and presenting a report with the appropriate computer security recommendations based on ISO 27000-1 (Dombora, 2016). To develop the risk analysis, a conference talking about how important is the computer security in CMB was given, then, an Ethical Hacking was realize aiming the evaluation the infrastructure of IT through tools like OWASP y OSSTMM; by last, through surveys, data was collected in information tables based on MAGERIT standards, also a risk processing matrix was done, identifying the IT assents, evaluation and more relevant threats, as well as, the potential loss that can generate each threat and probability of impact; finally, they presented a report in which the absence of the IT department has been evidenced, lack of employees training for computer security and correct use, in addition to vulnerabilities found in the infrastructure of this organization, thus, it's necessary to employ the recommendations that provide ISO 27001 and MEGERIT rules, with the objective of mitigate threats and vulnerabilities, reducing the security incident probability (Sharma, 2018).