Ingeniería de Sistemas
Permanent URI for this collection
Browse
Browsing Ingeniería de Sistemas by Title
Now showing 1 - 20 of 113
Results Per Page
Sort Options
Item A través de escenarios oscuros: Impacto del uso de inteligencia artificial generativa en el campo de la seguridad de la información en un país de América latina(Universidad Santiago de Cali, 2023) Castro, Mathews Jovel; Marcus Martínez, Alejandro (Director)Artificial intelligence, and in particular generative artificial intelligence, has enabled the use of generative algorithms that allow cybercriminals to automate and customize their attacks, adapting them to the specific vulnerabilities of their targets. This is particularly damaging to the financial, government, and critical infrastructure sectors. On the other hand, the creation of fake content, deepfake, has proliferated thanks to the poor performance of such algorithms, leading to disinformation and manipulation campaigns that affect the political and social stability of a region. This article explains the negative impact of the use of generative artificial intelligence in the field of information security in Colombia. To do this, research was conducted on the threats of the use of generative artificial intelligence in information security. Once the research was conducted, a comparison was made between the threats and impacts of the use of generative artificial intelligence in information security in the international context versus Colombia. Finally, the results obtained from the research on the risks were documented, as well as the comparison of the threats and impacts of the use of generative artificial intelligence in the field of information security in the international context versus Colombia.Item Análisis de amenazas y estrategias de seguridad en redes sociales un panorama de ciberataques y violaciones de privacidad(Universidad Santiago de Cali, 2025) Rosero Giraldo, Catalina; Gil López, Johan Sebastián; Tavera Romero, Carlos Andrés (Director)In the digital age, social media has transformed human interactions, consolidating itself as essential spaces for connection, exchange of experiences and information. These platforms have acquired a central role in everyday life, also standing out as main sources of entertainment and key tools for business strategies, especially in advertising and customer acquisition. Therefore, this article aims to analyze the main cyber threats targeting social media users. A systematic review of the literature was carried out following the PRISMA protocol to ensure methodological rigor in the selection of information. The search was carried out in recognized databases such as Google Scholar, Scopus and ScienceDirect, covering studies published between 2018 and 2024. A total of 14 relevant articles were identified and analyzed after applying inclusion and exclusion criteria. The analysis was complemented with tools such as Mendeley for bibliographic organization and descriptive techniques for data synthesis. The study confirmed an increase in threats such as phishing, ransomware, malware, identity theft, and social engineering attacks. Significant cases of privacy violations were documented, including the Cambridge Analytica scandal and vulnerabilities of platforms such as Facebook and TikTok. It concluded that social networks face a high level of risk due to their popularity and accessibility, mitigating these threats requires a joint effort between users, companies and regulators, highlighting the need to educate users and implement security standards.Item Análisis de indicadores de seguridad web y su impacto en el posicionamiento seo en motores de búsqueda(Universidad Santiago de Cali, 2025) Ruiz Guerrero, Ricardo Steven; Loaiza Buitrago, Diego Fernando (Director)Currently, there are various components that affect the SEO positioning of a webpage on search engines. Most companies focus on user experience, usability, webpage loading times, and optimization, neglecting the security of the application, unaware of its significant impact on SEO. This article explores the cybersecurity indicators considered by search engines for the SEO positioning of web applications and the negative impact that neglecting these indicators can have.Item Análisis de la calidad en la educación superior en ingeniería durante tiempos de pandemia(Universidad Santiago de Cali, 2024) Daza Redondo, Joseph David; Proaño Sánchez, Carlos José; Pavera Romero, Carlos Andrés (Director)Item Análisis de la redundancia de los sistemas de medición de la calidad del aire en entornos urbanos(Universidad Santiago de Cali, 2021) Narváez Rojas, Carolina; Zúñiga Cañón, Claudia Liliana (Directora)Item Análisis de la vulnerabilidad XSS persistente: Estado actual, medidas de mitigación y herramientas de detección(Universidad Santiago de Cali, 2025) Pinta Higuita, Sergio Iván; Ordoñez Serna, Farid; Rojas Montes, Javier Salvador (Director)This review article focuses on the threat of persistent Cross-Site Scripting (XSS) in web applications, covering its emergence, evolution, exploitation methods, emerging trends, and impact on the IT sector. A systematic literature review was conducted following the PRISMA methodology (Preferred Reporting Items for Systematic Reviews and Meta-Analyses), selecting relevant sources from academic databases such as SpringerLink, Taylor & Francis Online, Scopus, Google Scholar, IEEE Xplore, ACM Digital Library, and ScienceDirect. Studies were evaluated based on relevance, timeliness, and data quality. Subsequently, detection tools such as OWASP ZAP, Burp Suite, and Acunetix are reviewed, highlighting their role in the early identification of vulnerabilities. Prevention and mitigation strategies are also examined, including rigorous data validation, secure encoding, the use of frameworks and security tools, and the importance of training IT security personnel to raise awareness of cybersecurity's importance within organizations. Additionally, integrating security practices throughout the software lifecycle is proposed to ensure a robust defense against persistent XSS. The information collected was analyzed and synthesized to provide a comprehensive view of the persistent XSS vulnerability. The most relevant conclusion emphasizes the importance of a defense-in-depth approach, using detection tools, well-defined security policies, and continuous staff training as critical approaches to effectively mitigate the risks associated with persistent XSS in web applications.Item Análisis de pruebas de penetración en sistemas y servicios web(Universidad Santiago de Cali, 2024) Mateus Rendon, Erick Steven; Chaves Cárdenas, Dalessandro; González Mejía, Erick Santiago; Rojas Montes, Javier Salvador (Director)IT services face various risks, mainly from cyber attacks. Web penetration testing determines whether a web system is vulnerable to attacks using tools and techniques that are usually used by penetration specialists who are dedicated to identifying vulnerabilities in these. Case studies are presented in order to expose an adequate management of cybersecurity, using specialized tools such as Nessus, which includes a practical case of a university where this tool is used to evaluate the security of its websites, and also Metasploit, which together with the Kali Linux operating system addresses a practical case where IoT devices are completely compromised. The review was prepared using the PRISMA methodology, selecting 70 articles and of which 26 articles were used. This methodology guarantees the quality and reliability of the sources. Web penetration testing evaluated vulnerabilities using black, white and gray box approaches, using manual and/or automated techniques. Web penetration testing consists of a 5-phase methodology: planning, scanning, exploitation, maintaining access and generating reports. In conclusion, it was found that the combination of penetration testing approaches (black, white and grey box), together with the use of emerging technologies such as artificial intelligence, not only optimizes vulnerability detection, but also strengthens system security. The incorporation of automated tools and advanced attack simulation allows organizations to mitigate potential impacts and protect their systems more efficiently.Item Análisis de Riesgo de la Seguridad Informática en la Organización Centro Misionero Bethesda(Universidad Santiago de Cali, 2019) García Bravo, Julio César; Dussan Clavijo, CiroNowadays, the used of Information Technologies –IT has an important role in companies, IT assets take on greater value to reach the business objectives, however, threats and vulnerabilities have increased with these technologies implementation, putting on risk the information systems and companies' IT assets, whereby the purpose of this document is to present the evaluation of vulnerabilities in IT infrastructure of the CMB, evidencing the potential threats and presenting a report with the appropriate computer security recommendations based on ISO 27000-1 (Dombora, 2016). To develop the risk analysis, a conference talking about how important is the computer security in CMB was given, then, an Ethical Hacking was realize aiming the evaluation the infrastructure of IT through tools like OWASP y OSSTMM; by last, through surveys, data was collected in information tables based on MAGERIT standards, also a risk processing matrix was done, identifying the IT assents, evaluation and more relevant threats, as well as, the potential loss that can generate each threat and probability of impact; finally, they presented a report in which the absence of the IT department has been evidenced, lack of employees training for computer security and correct use, in addition to vulnerabilities found in the infrastructure of this organization, thus, it's necessary to employ the recommendations that provide ISO 27001 and MEGERIT rules, with the objective of mitigate threats and vulnerabilities, reducing the security incident probability (Sharma, 2018).Item Análisis de vulnerabilidad en contraseñas de correos electrónicos(Universidad Santiago de Cali, 2024) Caicedo Olaya, William Alexander; Rojas Cardona, Brayan Esteban; Marcus Martínez, Alejandro (Director)In the digital age, password security has become critically important due to the increased reliance on online platforms for both personal and professional information management. With increasing connectivity and the massive sharing of sensitive data via email, password-related vulnerabilities have increased significantly. Weak passwords, reuse of credentials and attacks such as phishing and cracking expose both individuals and organizations to the risk of unauthorized access and data exploitation. This study focuses on the analysis of vulnerable passwords in emails, examining the most common cases of poor password management practices. Password-related threats not only affect individual users, but also compromise critical infrastructures and essential services, magnifying the impact of potential security breaches. Among the strategies proposed are multi-factor authentication, the use of automatically generated passwords using algorithms, and the implementation of password managers to create complex and secure credentials. The research reveals patterns of vulnerability that reinforce the urgent need to improve email security practices. It also underscores the importance of a comprehensive approach to cybersecurity, in which both users and technology developers share responsibility for fostering a culture of security that protects privacy and maintains trust in digital platforms. Proper password protection is key to ensuring data integrity.Item Análisis del Simulador SCRUM en el Proyecto ATLAS Explorando el Impacto del Aprendizaje Impulsado por Simulación(Universidad Santiago de Cali, 2024) Patricia Segura, Diana; Arboleda Martinez, Monica Helen (Directora)CELSIA S.A., the energy company of the Argos group, operates on three key fronts: generation, transmission and distribution of electrical energy in Colombia, Panama and Costa Rica, providing service to more than 586 thousand customers, both residential and business. Within the CELSIA infrastructure, the Corporate GIS area plays a fundamental role by maintaining an updated inventory of all electrical assets through the use of an application called ArcGIS. However, updating these assets is done manually, which not only depends entirely on human intervention but also leads to delays in update times. This situation compromises the reliability of the data presented in the reports before the CREG (Energy and Gas Regulatory Commission), thus affecting the company's remuneration. In response to these challenges, the ATLAS project is being carried out, whose primary objective is to guarantee the quality of the data, reduce update times and automate processes within the Corporate GIS area. This research proposes a detailed analysis of the implementation of SCRUM, based on simulation-driven learning; SCRUM is recognized for its ability to address complex problems and adapt according to planning and defined roles within the work team. It is expected that by combining the information from the ongoing project with the SCRUM methodology, it will allow a significant optimization of the processes in the Corporate GIS area of CELSIA, thus improving the company's operational efficiencyItem Análisis y diseño de sistemas de información para la gestión, seguimiento y control en tiempo real de las ventas realizadas en microempresas(Universidad Santiago de Cali, 2019) Zambrano Castillo, Jhorman Alexis; Loaiza Buitrago, Diego FernandoOne of the main disadvantages for Micro-entrepreneurs is not having a tool that allows them to keep themselves well informed about the fundamental activities of their business in a timely manner, which allows them to make sound decisions that add value to their business. The purpose of this article is to present the analysis and design of an integrated web information system coupled with a mobile application for an application (APP) cell phone and tablet compatible which will allow the entrepreneur to manage, track and control information in real time (24/7); providing management indicators for decision making. To achieve these results, an agile methodology of Scrum projects was used through the process of collecting information pertaining to the needs and new ideas of the small companies, which then was used to design the system. This will ensure that micro-entrepreneurs have immediate access to minute-by-minute information of all critical processes, decrease loss of sales when viewing products to replace, or existing in warehouse, to exercise control over existing inventories, increase sales closing rates through managing potential customer’s point of contact, in addition to having a powerful tool to generate proper reports and queries of vital information of the companyItem Aplicación de algoritmos de clasificación como soporte al diagnóstico del cáncer de mama en unidades oncológicas(Universidad Santiago de Cali, 2020) García Restrepo, Diego Fernando; Rondón Otero, Leidy Viviana; Tavera Romero, Carlos AndrésBreast cancer is one of the diseases that cause a lot of deaths every year, it is the most common type of all cancers and one of the leading causes of death of women in the world and Colombia. In this article, we present the use of WEKA as a machine learning and data mining tool, applying different classifiers to a set of breast cancer data provided by the cancer unit with the objective of supporting the diagnosis and supporting the taking of decisions in the diagnosis of breast cancer. The results obtained show how researchers in the area of health can use both statistical analysis and data mining techniques to discover knowledge and make a better diagnosis of breast cancer and other diseases. In the document a comparison of the effectiveness of the classifiers and an analysis of correct classification, incorrect classification and precision are made, aspects that are of importance for researchers who want to use algorithms in other types of studies or with other attributes to diagnose if the values of these lead or not to conclude that a person has breast cancerItem Aplicación de la gestión costos en proyectos business analytics para pymes con enfoque PMI(Universidad Santiago de Cali, 2022) Estrada Nieto, Roberto; Gómez Viáfara, Santiago; Rojas Montes, Javier Salvador (Director)This article uses cost management in the implementation of Business Analytics projects for small businesses. An adaptation of the Cost Management subprocess proposed in the PMBOK of the international standard of the Project Management Institute (PMI) is carried out, with which this type of company can establish the baseline of the required budget. A documentary search is carried out to determine the items that will make up the baseline to be budgeted and determine the amount of the investment. This document illustrates the advantages that, for SMEs, the application of good practices of Project Management has in case of undertaking the implementation of a BA strategyItem Aplicación del internet de las cosas (IoT) en la gestión de almacenes - una revisión de nuevas propuestas(Universidad Santiago de Cali, 2019) Morales Sarria, David Felipe; Silva Leal, Jorge AntonioThe Internet of Things (IoT) is a key concept of the fourth industrial revolution and is considered one of the most promising areas for controlling and improving supply chain performance. This manuscript is an exploration of new proposals for Internet of Things applications in warehouse management over the past five years. A review of the academic literature published between 2015 and 2019 was conducted, with the goal of providing a full description of the cumulative state of research on this topic. Warehousing operations were investigated in the context of five main functions: reception, storage, picking, packing, and shipping. Contributions associated with the use of radio frequency identification (RFID) in reception operations and the use and integration of the Warehouse Management System (WMS) for the support of storage activities and optimization of safety conditions and product profiling are noteworthy. Also, proposals related to Automated Guided Vehicle (AVG) and database management systems to minimize search, travel time, and to avoid picking errors, design of automated packaging systems for packing operations, and a tracking system for the delivery of goods in shipping operations, are highlighted as well. Finally, this synthesis reveals that these types of proposals continue to be a topic of interest in research concerning supply chain management, offering reliable bibliographic support that can be used as a starting point in the consultation and formulation of new initiatives for future researchers or professionals in this field.Item Aplicación móvil para promover el deporte en los gimnasios públicos y senderos de Cali, (GymGo! Cali)(Universidad Santiago de Cali, 2019) Salgado Blanco, Wilson Stiven; Vásquez Estrada, Diego Fernando; Zúñiga Cañón, Claudia LilianaThe trails and bioparks are free spaces designed for the use of population in physical activities and welfare; however, there is ignorance of the proper use and location of them. GymGo! Cali is a mobile application to promote recreation and sports, contributing in this way to the improvement of the quality of life of the people of Cali. Through interactive components, GymGo! Cali allows locating and knowing the outdoor spaces arranged by the municipality for recreational and sports activities. The application requires user registration, which includes some basic aspects of their physical condition and provides a series of routines appropriate to the body mass index of each user, accompanied by an instruction for the proper use of exercise machines. Additionally, it has a space for social interaction where you can share training routines, create sports groups or simply interact with people who are close to the user. This application will be free to use and accessible to all citizens who have a smart mobile device with Android operating system, regardless of age and socioeconomic limitations, but taking into account that any physical activity that you make using the instructions. This will be under the responsibility of each user and should always be accompanied by good nutrition and hydration to obtain satisfactory results.Item Aplicación móvil para seguimiento, monitoreo y control de rutas de vehículos. Caso de estudio: empresa línea comunicaciones S.A(Universidad Santiago de Cali, 2019) Landazuri Diaz, Diego Alexander; Priest Velásquez, Yana SaintThat companies of telecommunications subcontract persons who vehicles for the mobilization of its personnel and material of work, nevertheless, this situation does not allow to have a strict control on what really it happens with the vehicles and the material. There is proposed then the development of a technological program that tackles the subject-matter of intelligent labor mobility from the perspective of as the mobile programming and the systems of telecommunications, they allow the collection of data in real-time of factors such as: Distance travelled, Location of the mobile and route management. The structure of the application, named GeoLinea, it was developed from two ambiences coherently linked: In first stay and using the Java Programming Language the app was designed in the Android Studio environment. Currently the application is in the test with the staff of the company.Item Aplicación web para la predicción del comportamiento de la población vinculada a una compañía de seguros funerarios(Universidad Santiago de Cali, 2020) Solarte Martínez, Omar; Cruz Gómez, Carlos Andrés; Saint Priets, Yana ElidaThe business core of the company Servivir is based on services from the sale of exequial plans. In their rocess, they perform data analysis to: for example, a population concentration was found in three associated entities, which generates a financial risk in the event of understand customer behavior, however, they do not have the specialized tools for data analysis that make the process more efficient and reliable; it’s for this that the idea of building a web application was born that allows data analysis and presents the results through graphic reports. The project was designed under the incremental methodological structure of software development, guidelines and artifacts of the SCRUM methodology were also implemented. The results showed relevant information on the behavior of those associated with Servivirretirement. In the end it is concluded that the application reduces the information analysis times by 99.98%, with what is considered highly functional.Item Aprendizaje profundo para el diseño y predicción de ofertas de mercado en el comercio minorista(Universidad Santiago de Cali, 2024) Calderón Parra, Bryan; Prieto Bolaños, Ricardo Andrés (Director)To carry out this project, the application of Deep Learning in the market was examined to determine supply prediction, with the purpose of developing software based on an artificial intelligence model that provides relevant information to design strategies. digital marketing in the retail sector. The functionalities of the prediction model were identified, adapting them according to the specific requirements of this area. To guarantee the reliability and effectiveness of the results of the predictive model, data collection and purification strategies based on web scrapers were used. The accuracy of the model was evaluated through the validation of acceptance criteria, the results of which suggest the effectiveness of this technology in optimizing trend analysis processes and establishing product prices. This approach seeks to reduce the uncertainty associated with the analysis of deviations related to budgets or financial forecasts that assume consumer behaviors.Item Auditoria de TI Basada en estándares mínimos de COBIT 2019: Caso de Estudio Empresa de Servicios del Valle del Cauca(Universidad Santiago de Cali, 2019) Díaz Artunduaga, Milton Fabián; Dinas, SimenaAn Audit is an evaluation of a specific area of an organization with the objective of knowing the veracity of the results and generate useful indicators to improve the processes of a company. The audit is specialized according to the area and disciplines; in the case of IT audits, they are responsible for conducting a review of IT resources in order to identify the situation in which they are developed based on current regulations. They are classified in internal and external audits; however, this kind of audit is characterized by the implementation of an information governance framework with the aim of facilitating the information management process and reliability to generate a clear methodology. COBIT, 2019 is then proposed as the most recent version of the Framework for users, administrators and auditors of information systems, regulating good practices, providing standards for the compliance of information and communication processes are part of the most widely used control methodologies at the international level exposed by the Information Systems Security Association (ISSAI). This article presents the results of the evaluation of the company's IT control environment in order to measure the security of the applications and identify improvement options that allow optimizing processes, controls and security in general in the technology area. The audit was conducted according to best market practices; and the reference framework for Government and IT Management: COBIT 2019, with the objective of evaluating compliance with the minimum standards implemented in the company, also exposes the results of meetings, the process of compilation and validation of supports, the findings found during the generation of the report of recommendations according to the methodology implemented.Item Automatización robótica de proceso, aplicada al proceso de cierre de seguros soat usando automation anywhere enterprise(Universidad Santiago de Cali, 2019) Fajardo Mayor, Jhonnathan Steven; Alomia Angulo, Dogildo Klinio; Rojas Montes, Javier SalvadorIn the present work, the development of a robotic process automation for the improvement of the Closing process will be presented, in which the total registered daily sales of Compulsory Insurance for vehicles that were loaded to the CSIS systems in the Morning Hours are concluded, which is made up of a routine that is executed daily, which can be executed on demand or programmed to be executed automatically, in the private company's service area. In addition, to perform automation, a robotic process automation (RPA) tool, called Automation Anywhere Enterprise (AAE), is used. Also, to determine the results of this process with the proposed technology, the concepts that cover this automation technology, the Cascade methodology and analysis that were applied for the development and implementation will be presented in order to obtain the best cycle time of the process and minimize errors by validation and manual information registration