Analysis of Information Security Management Applying International Standards to Mitigate Risks

• Published in: 2023 Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE) pp. 669 - 674
• Main Authors: Del Pozo Durango, Rodrigo Humberto, T, Segundo Moises Toapanta, Diaz, Eriannys Zharayth Gomez, Trejo, Jose Antonio Orizaga, Gallegos, Luis Enrique Mafla, Arellano, Ma. Rocio Maciel, Rosillo, Victor Manuel Larios, Hifong, Maria Mercedes Bano
• Format: Conference Proceeding
• Language: English
• Published: IEEE 24.07.2023
• Subjects: Authorization; Decision making; Government; Information integrity; Information security; ISO Standards; Measurement; Metrics; Risks; Security information; Standards organizations; Threats
• DOI: 10.1109/CSCE60160.2023.00114

Information security is strategic and is one of the most important assets within an entity or organization; is one of the reasons to analyze and treat the different risks of confidentiality, integrity, availability (CIA) in information management, and that identity, authenticity, authorization and auditing (IAAA) are available both internally and externally, for this reason. Therefore, preventive measures must be taken. The objective of this investigation is to analyze the security standards to mitigate the risks, vulnerabilities and threats. The deductive method and exploratory research were used to analyze the information from the referenced articles. The result was the percentage of compliance with the potential risk indicators, a table of security metrics for compliance and the prototype for risk mitigation of a technological platform. It was concluded that information security management should be standardized considering the standards, good practices and security policies available at the government, strategic, tactical and operational level.