International Journal on Advanced Science, Engineering and Information Technology

In recent years, digital transformation has played an important role in all companies investing in technology. This investment greatly contributes to the daily tasks that companies carry out and can mean notable business growth. Also, it brings vulnerabilities that can be exploited by malicious people who, for any reason, seek to damage or appropriate the company's resources, thus directly or indirectly affecting business operations, which is why it is necessary to prevent these acts of vulnerability with the realization of information security. That is why the materials used to implement information security are explained in this work. The purpose of the research work is to identify, analyze, and evaluate to deal with the risks, thus better controlling the risks. This allowed us to land it in the conclusions made based on the objective and methodology used. It allowed us to have a sequence divided into three stages: initiation, planning, and execution. This helps us identify the infrastructure, times, risks, controls, policies, and information assets, in addition to evaluating and treating each risk identified in the District Municipality of Jesás María. This study showed that the implementation of information security has a positive impact since it helps make decisions for the protection of information assets.

Information security; impact; methodology; protection; vulnerability.

J. A. Orjuela Castro and W. Adarme Jaimes, “Dynamic impact of the structure of the supply chain of perishable foods on logistics performance and food security,†Journal of Industrial Engineering and Management, vol. 10, no. 4, pp. 687–710, Oct. 2017, DOI: 10.3926/jiem.2147. [Online]. Available: http://jiem.org/index.php/jiem/article/view/2147

I. M. Lopes, T. Guarda, and P. Oliveira, “How iso 27001 can help achieve gdpr compliance,†in 2019 14th Iberian Conference on Information Systems and Technologies (CISTI). IEEE, 2019, pp. 1–6, DOI: 10.23919/CISTI.2019.8760937.

K. J. Moncayo L Ìopez and C. A. Ortiz Lozada, “Propuesta de iso 27001 para salvaguardar los inventariosde peter pc,†B.S. thesis, Universidad de Guayaquil Facultad de Ciencias Administrativas, 2018.

M. Nieles, K. Dempsey, V. Y. Pillitteri et al., “An introduction to information security,†NIST special publication, vol. 800, p. 12, Jun. 2017, DOI: 10.6028/NIST.SP.800-12r1.

A. da Veiga and N. Martins, “Defining and identifying dominant information security cultures and subcultures,†Computers Security, vol. 70, pp. 72–94, 2017, DOI: 10.1016/j.cose.2017.05.002. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167404817300937

Z. Tumwebaze, V. Mukyala, B. Ssekiziyivu, C. B. Tirisa, and A. Tumwebonire, “Corporate governance, internal audit function and accountability in statutory corporations,†Cogent Business & Management, vol. 5, no. 1, p. 1527054, Jan. 2018, doi = 10.1080/23311975.2018.1527054. [Online]. Available: https://doi.org/10.1080/23311975.2018.1527054

E. F. Alvarado Meza, “Propuesta para la implementación de un sistema de gestión de seguridad de la informaci Ìon aplicando la norma iso 27001 para industrias ales†PhD thesis, Universidad de Guayaquil.Facultad de Ingenierıa Industrial, 2016.

N. Sohrabi Safa, R. Von Solms, and S. Furnell, “Information security policy compliance model in organizations,†Computers Security, vol. 56, no. Complete, pp. 70–82, Feb. 2016, DOI: 10.1016/j.cose.2015.10.006. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167404815001583

S. V. Flowerday and T. Tuyikeze, “Information security policy development and implementation: The what, how and who,†Computers Security, vol. 61, no. C, pp. 169– 183, 2016, DOI: 10.1016/j.cose.2016.06.002. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167404816300670

V. Gil Vera and J. Gil Vera, “Seguridad informática organizacional: un modelo de simulación basado en dinámica de sistemas,†Scientia et Technica, vol. 22, no. 2, pp. 193– 197, Jun. 2017, DOI: 10.22517/23447214.11371. [Online]. Available: https://revistas.utp.edu.co/index.php/revistaciencia/article/view/11371

V. P. Rathod, “Project implementation of information security management system in tata chemicals ltd,†Ph.D. dissertation, Instytut Organizacji Systemow Produkcyjnych, 2019.

W. M. Contero Ramos, “Diseño de una polıtica deseguridad de la información basada en la norma iso27002: 2013, para el sistema de botones de seguridaddel ministerio del interior,†2019.

F. Cabrera and R. Isidro, “Análisis del riesgo de las ticsen el laboratorio de computo de la unidad educativapueblo nuevo mediante la aplicaci Ìon de la norma iso27005.,†B.S. thesis, Babahoyo, UTB-FAFI 2020, 2020.

J. J. Santacruz Espinoza, C. R. Vega Abad, L. F. Pinos Castillo, and O. E. Cardenas Villavicencio, “Sistema cobit en los procesos de auditorías de los de sistemas informáticos,†Journal of Science and Research: Revista Ciencia e Investigacion. ISSN 2528-8083 ´ , vol. 2, no. 8, pp. 65–68, Dic. 2017, DOI: 10.26910/issn.2528-8083vol2iss8.2017pp65-68. [Online]. Available: https://revistas.utb.edu.ec/index.php/sr/article/view/342

A. D. D. Quintana, “Relación entre los virus informáticos (malware) y ataques en países vulnerables de seguridad en informática utilizando análisis de componentes principales (acp),†Logos, vol. 6, no. 1, 2016, DOI: 10.21503/log.v6i1.1316.

T. Nathezhtha, D. Sangeetha, and V. Vaidehi, “Wc-pad: Web crawling based phishing attack detection,†in 2019 International Carnahan Conference on Security Technology (ICCST). IEEE, 2019, pp. 1–6, DOI: 10.1109/CCST.2019.8888416.

J. S. Aidan, H. K. Verma, and L. K. Awasthi, “Comprehensive survey on petya ransomware attack,†in 2017 International Conference on Next Generation Computing and Information Systems (ICNGCIS), IEEE. Los Alamitos, CA, USA: IEEE Computer Society, Dec. 2017, pp. 122–125, DOI: 10.1109/ICNGCIS.2017.30.

F. M. Arevalo Moscoso, I. P. Cedillo Orellana, and S. A. ´ Moscoso Bernal, “Metodología Ãgil para la gestión de riesgos informáticos,†Killkana Técnica, vol. 1, no. 2, pp. 31–42, ago. 2017, DOI: 10.26871/killkanatecnica.v1i2.81.[Online].Available : https : //killkana.ucacue.edu.ec/index.php/killkanatecnico/article/view/81

E. A. Morales Quispe, “Validación metodologıa pmbok en gestión de riesgos del proceso de desarrollo de software empresa sector educación,†2018.

H. C. y Marcelo Mendoza-Vinces y Christian Vera Alava, “Importancia de la auditoría interna para el perfeccionamiento de los niveles eficiencia y calidad en las empresas,†Dominio de las Ciencias, vol. 3, no. 2, pp. 908–920, 2017, DOI: 10.23857/dc.v3i2.457. [Online]. Available: https://www.dominiodelasciencias.com/ojs/index.php/es/article/view/457

S. Sirvent Asensi, V. Gisbert Soler, and E. Perez Bernabeu, “Los 7 principios de gestión de la calidad en iso 9001,†3C Empresa. Investigación y pensamiento crítico, no. 1, pp. 10–18, dic. 2017, DOI: 10.17993/3cemp.2017.especial.10-18. [Online]. Available: http://ojs.3ciencias.com/index.php/3c-empresa/article/view/572

V. B. Somawarad and J. Rashmi, “Planning and scheduling multi storeyed residential building using microsoft project and application of material management technique,†Planning, vol. 6, no. 07, 2019.

A. Merlos, “Polıticas de seguridad y defensa en la erade la posverdad,â€Cuadernos de estrategia, no. 197,pp. 83–106, 2018.

A. Nechai, E. Pavlova, T. Batova, and V. Petrov, “Implementation of information security system in service and trade,†IOP Conference Series: Materials Science and Engineering, vol. 940, p. 012048, Oct. 2020, DOI: 10.1088/1757-899x/940/1/012048. [Online]. Available: https://doi.org/10.1088/1757-899x/940/1/012048