Dissertations / Theses on the topic 'IEC 27004'
Consult the top 50 dissertations / theses for your research on the topic 'IEC 27004.'
Garay, Daniel Felipe Carnero, Antonio Carbajal Ramos Marcos, Jimmy Armas-Aguirre, and Juan Manuel Madrid Molina. "Information security risk management model for mitigating the impact on SMEs in Peru." IEEE Computer Society, 2020. http://hdl.handle.net/10757/656577.
This paper proposes an information security risk management model that allows mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst & Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: 1. Inventory the information assets of the company, to conduct the risk analysis of each one; 2. Evaluate the treatment that should be given to each risk; 3. Once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the creation of a model that integrates a standard of risk management across the company with a standard of IS indicators to validate compliance, adding as a contribution the results of implementation in a specific environment. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment.
Peer reviewed
Palička, Jan. "Systémové řešení bezpečnosti informací v organizaci." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-316954.
Santos, Valdeci Otacilio dos. "Um modelo de sistema de gestão da segurança da informação baseado nas normas ABNT NBR ISO/IEC 27001:2006, 27002:2005 e 27005:2008." [s.n.], 2012. http://repositorio.unicamp.br/jspui/handle/REPOSIP/259797.
Dissertation (master's) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação
Abstract: The steady growth of threats and vulnerabilities in information systems causes an intensified concern among administrators about the security of these systems. In search of an appropriate level of information security, laws and regulations that deal with this important issue are being created and improved, not only in Brazil but worldwide. This work aims to propose a model of an information security management system, with process modeling and description of activities, covering the main guidelines recommended in the standards ABNT NBR ISO/IEC 27001:2006, 27002:2005 and 27005:2008. The proposed model aims to guide the implementation of a new information security management system in an organization or to verify the conformity of an existing system. The work includes a practical application of the proposed model, in which a survey was carried out of the level of adherence of the activities performed in the various processes that make up an organization's information security management system to what is envisaged in the model and, consequently, in the standards used as reference. In assessing the results of the verification carried out, it was possible to obtain an overview of the situation of the organization's information security management, as well as to verify the points that are in accordance with the standards and those that need improvement.
Master's degree
Telecommunications and Telematics
Master in Electrical Engineering
Kryštof, Tomáš. "Návrh na zavedení nutných oblastí ISMS na základní škole." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241476.
Vyhňák, Petr. "Návrh zavedení bezpečnostních opatření v souladu s ISMS pro společnost." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2019. http://www.nusl.cz/ntk/nusl-402086.
Al-Botani, Nidaa. "Informationssäkerhet i organisationer - Utvärdering av Folktandvårdens informationssäkerhet inom Region Jönköpings län." Thesis, Tekniska Högskolan, Högskolan i Jönköping, JTH, Data- och elektroteknik, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-28245.
Information today is a valuable resource for organizations, which become more and more dependent on their information systems. Information is subject to various threats and needs to be protected so that organizations can effectively run their business. Systematic information security helps organizations to achieve and maintain a sufficient level of information security. The study aims to investigate how information is managed within organizations in general. A case study has been performed in Folktandvården (the Public Dental Service), Region Jönköping County, to investigate how the organization handles information security. In addition, the study aims to evaluate awareness of information security among employees at the business and to present proposals on how to improve the handling of personal data. Mixed techniques have been used to gather information. Literature studies in the field of information security have been carried out. The empirical data were collected through a questionnaire, interviews and written questions sent by e-mail to managers in Folktandvården. This study uses the standards SS-ISO/IEC 27001:2014 and SS-ISO/IEC 27002:2014 to evaluate the information in Folktandvården, Region Jönköping County and to get a picture of how information is managed within organizations. Organizations can maintain the security of their information by implementing an information security management system (ISMS) that preserves the confidentiality, integrity and availability of information. Information security and ISMS application differ between organizations, which could be affected by the organization's needs and goals, size and structure. Case study results show that Folktandvården, Region Jönköping County implements an active management of information. The organization manages most of the specifications in the standards. However, this study proposes to organize more training programs for information security awareness. These programs should be updated regularly in order to continue to be in line with organizational policies and procedures. It is recommended that the organization performs information classification fully in accordance with the model it has. Additionally, it is recommended to develop the planning of continuity for information. The results from the questionnaire show that the employees are aware of how they handle information security incidents and they think that the systems are available for authorized access. Several of the proposals presented by this study have been heeded and will lead to further work in Folktandvården. Organizations' personal information should be protected by applying the rules in accordance with applicable regulations. A responsible person in the organization should provide guidance to employees about their responsibility for the handling of personal data.
Soukop, Tomáš. "Systém pro podporu auditu managementu informační bezpečnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2012. http://www.nusl.cz/ntk/nusl-236503.
Alila, Patrick. "Complementing network security to the ISO/IEC 27000 standard." Thesis, Linköpings universitet, Institutionen för teknik och naturvetenskap, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-96298.
Kohoutek, Josef. "Zavádění bezpečnostních opatření dle ISMS do malé společnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241610.
Nemec, Tomáš. "Návrh metodiky pro příručku ISMS a opatření aplikované na vybrané oblasti." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-224225.
Coetzer, Christo. "An investigation of ISO/IEC 27001 adoption in South Africa." Thesis, Rhodes University, 2015. http://hdl.handle.net/10962/d1018669.
Ljunggren, Viktor, and Emil Freid. "Effekterna av en ISO/IEC 27001-certifiering : Upplevda förändringar bland små svenska organisationer." Thesis, Tekniska Högskolan, Jönköping University, JTH, Datateknik och informatik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-49716.
Society today is more connected and handles more information than ever before. The information is handled to a greater extent by IT systems, where the requirements for secure information management have increased. To manage this increase in information flow, organizations can implement an information security management system (ISMS). It takes both time and resources to design and implement an ISMS. For this investment to be profitable, it should also provide additional value for companies. In order to standardize and specify the structure of ISMS, ISO/IEC 27001 (Standard for ISMS) has been developed and implemented by companies all over the world. The purpose of this study is to identify the changes that an ISO/IEC 27001 certification leads to for small organisations in Sweden. An interview study has been conducted and semi-structured interviews have been used for data collection. Based on the collected empirical evidence, six categories have been identified and described thematically for each informant. The study shows that organisations get a better process and control over information security and a strengthened information security culture. In addition, information security is said to have improved among organisations through various security measures. In addition, communications with customers have been simplified whenever information security is discussed. The study examines the impact of ISO/IEC 27001 certification on four organisations, in order to ensure diversity of the empirical evidence collected. This was done with one informant per organisation, with an overview of both the organisation and the certification. The study examines organisations that are already certified, since the organisation needs to have implemented the ISO/IEC 27001 standard. Neither the certification process, the security measures, the implementation nor the application of the management system have been investigated in this study.
Procingerová, Lucie. "Zavádění řízení informační bezpečnosti ve zdravotnickém zařízení." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-318603.
Bartoš, Lukáš. "Návrh metodiky bezpečnosti informací v podniku." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-224223.
Pospíchal, Jindřich. "Zavedení ISMS v podniku." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241309.
Ngqondi, Tembisa Grace. "The ISO/IEC 27002 and ISO/IEC 27799 information security management standards : a comparative analysis from a healthcare perspective." Thesis, Nelson Mandela Metropolitan University, 2009. http://hdl.handle.net/10948/1066.
Asp, Sandin Agnes. "A simplified ISMS : Investigating how an ISMS for a smaller organization can be implemented." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-20238.
Štěpánek, Daniel. "Návrh zavedení bezpečnostních opatření ve společnosti vyvíjející software." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-318285.
Pina, João Nuno Esteves. "Framework de auto-avaliação interna para gestão da segurança da informação : estudo de caso." Master's thesis, Instituto Superior de Economia e Gestão, 2012. http://hdl.handle.net/10400.5/10756.
The importance of information protection, associated with factors that may influence the failure of Information Security Management Systems (ISMS) implementation, creates the need for more effective security planning models in organizations. An ISMS seeks to ensure the use of good information security management practices, as well as the use of mechanisms that maximize the effectiveness of existing information systems. In this line of thought, given some failure factors observed in the literature, and the models studied throughout the literature review, the main goal of this study was to analyze the possible contribution of an internal self-assessment mechanism prior to the implementation of an ISMS in an organization. The case study of the Secretary-General of the Ministry of Public Works, Transport and Communication (MOPTC-SG) presents one such internal self-assessment based on industry standard controls (ISO/IEC 27002:2005, 2005), measuring the organization's degree of compliance, levels of performance, levels of exposure and vulnerability, and awareness and accountability procedures. The results seem to indicate that using these processes, besides complementing existing models, allows a more comprehensive, conscious, effective and early knowledge of risk, ensuring the organization a more efficient implementation and use of its ISMS.
Piña, Remigio Gabriela. "IMPLEMENTACIÓN DE SEGURIDAD EN LA INFRAESTRUCTURA DE RED PARA LA DIFUSIÓN DEL PROGRAMA DE RESULTADOS ELECTORALES PRELIMINARES 2017 EN EL ESTADO DE MÉXICO BAJO LA NORMA ISO/IEC 27001:2013." Tesis de Licenciatura, Universidad Autónoma del Estado de México, 2018. http://hdl.handle.net/20.500.11799/99629.
Alexandria, João Carlos Soares de. "Gestão de segurança da informação - uma proposta para potencializar a efetividade da segurança da informação em ambiente de pesquisa científica." Universidade de São Paulo, 2009. http://www.teses.usp.br/teses/disponiveis/85/85131/tde-22092011-095831/.
The increase of connectivity in the business environment, combined with the growing dependency on information systems, has made information security management an important governance tool. Information security has as its main goal to protect business transactions so that they work normally. In this way, it safeguards business continuity. The threats to information come from hacker attacks, electronic fraud and spying, as well as fire, electrical power interruption and human error. Information security is achieved by implementing a set of controls, including, among others, policies, processes, procedures, organizational structures, software and hardware, which require continuous management and a well-established structure to be able to face such challenges. This work sought the reasons why organizations have difficulties in practising information security management. Many of them limit themselves to adopting point measures, which are sometimes not consistent with their realities. The market has a sufficient quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, the American Sarbanes-Oxley Act, the Basel Capital Accord, and regulations from regulatory agencies (such as the Brazilian ANATEL, ANVISA and CVM). Market research has shown that information security implementation is concentrated in a well-defined group of organizations, mainly formed by large companies and from specific sectors of the economy, for example, financial and telecommunications. However, information security must be practised by all organizations that use information systems to carry out their activities, independently of their size or the economic area to which they belong. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal for information security, applied in the form of a data survey, which is intended to be a tool that can be used as a starting point to foment debates about information security concerns within organizations. This can lead them to a well-structured information security implementation. The proposal is specially addressed to those organizations that do not have the profile that puts them among the companies which are forced to follow some law or regulation, but which in the same way need to protect their information assets to reach their goals and business objectives.
Hensl, Marek. "Zavedení ISMS pro základní školu." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-318615.
Krídla, Matúš. "Návrh zavedení bezpečnostních opatření pro danou společnost." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2021. http://www.nusl.cz/ntk/nusl-444607.
Tomko, Michal. "Návrh zavedení bezpečnostních opatření na základě ISMS pro malý podnik." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2019. http://www.nusl.cz/ntk/nusl-402087.
Bystrianska, Lucia. "Vplyv regulácií ISO 27001 a SOX na riadenie bezpečnosti informácií podniku." Master's thesis, Vysoká škola ekonomická v Praze, 2015. http://www.nusl.cz/ntk/nusl-203998.
Valášková, Martina. "Návrh bezpečnostních opatření v souladu s ISMS pro zdravotnické zařízení." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2020. http://www.nusl.cz/ntk/nusl-417805.
Pino, Malpica Isabel Corina. "Análisis de los factores de éxito y limitantes para la implementación de la norma técnica peruana Iso NTP/IEC 27001;2014 2A. Edición en la Municipalidad provincial de Huancayo–I trimestre 2018." Bachelor's thesis, Universidad Continental, 2019. http://repositorio.continental.edu.pe/handle/continental/5527.
Lind, Fredrik. "Informationssäkerhet inom kommuners administrativa verksamhet." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-11102.
Konzen, Marcos Paulo. "GESTÃO DE RISCOS DE SEGURANÇA DA INFORMAÇÃO BASEADA NA NORMA NBR ISO/IEC 27005 USANDO PADRÕES DE SEGURANÇA." Universidade Federal de Santa Maria, 2013. http://repositorio.ufsm.br/handle/1/8276.
In recent years, more and more new threats and vulnerabilities have emerged that compromise the security of information in Information and Communication Technology (ICT) systems, and many organizations find themselves unprepared to deal with information security risks, making them more vulnerable to threats, and the negative impacts caused by security incidents tend to be more frequent. Implementing information security risk management based on the set of best practices is fundamental, but still a challenge for most companies. This work proposes a risk management methodology based on the NBR ISO/IEC 27005:2008 standard, which presents a sequence of activities and a series of guidelines and objectives that must be achieved for risk management to be effective. As with most standards and reference models, they do not describe how the activities should be implemented, which ends up hindering their adoption by organizations less experienced in security processes. Reusing solutions that have already been tested and consolidated to solve recurring security problems can help ensure the use of best practices. These solutions can be found in security patterns that capture and document the knowledge of security experts, but their application to carrying out the activities of risk management standards is unknown. Thus, this work reviews the guidelines of the NBR ISO/IEC 27005:2008 standard and pattern catalogues in order to identify security patterns for carrying out the activities in accordance with the guidelines described by the standard. Therefore, the main contribution of this work is the development of a risk management methodology centred on solutions, tasks and techniques described by 22 security patterns. A risk analysis and assessment using security patterns was applied in a data centre (CPD) of a private higher education institution, and the result shows the final risk of each asset, meeting the guidelines of the NBR ISO/IEC 27005:2008 standard.
Palarczyk, Vít. "Zavedení ISMS v malém podniku." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2015. http://www.nusl.cz/ntk/nusl-224894.
Svoboda, Milan. "Zavedení ISMS v malém podniku." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241114.
Šebrle, Petr. "Zavedení ISMS do podniku podporujícího kritickou infrastrukturu." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-318630.
Kutiš, Pavel. "Management bezpečnosti informačních systémů v obci." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-224220.
Kornelly, Aleš. "Budování bezpečnostního povědomí na střední a vyšší odborné škole." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241448.
Šumbera, Adam. "Zavedení managementu bezpečnosti informací v podniku dle ISO 27001." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-224217.
Arriaga, Rosado Estefanía. "Gestión de claves y control de acceso a un sistema web educativo basada en la norma ISO/IEC 27001:2005." Tesis de Licenciatura, Universidad Autónoma del Estado de México, 2016. http://hdl.handle.net/20.500.11799/58260.
Menčík, Jan. "Systém řízení bezpečnosti informací společnosti BluePool s.r.o." Master's thesis, Vysoká škola ekonomická v Praze, 2017. http://www.nusl.cz/ntk/nusl-359161.
Kubík, Lukáš. "Informační bezpečnost jako jeden z ukazatelů hodnocení výkonnosti v energetické společnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-318305.
Justino, Salinas Zully Isabel. "Diseño de un sistema de gestión de seguridad de información para una empresa inmobiliaria alineado a la norma ISO/IEC 27001:2013." Bachelor's thesis, Pontificia Universidad Católica del Perú, 2015. http://tesis.pucp.edu.pe/repositorio/handle/123456789/6045.
Thesis
Kosek, Jindřich. "Zavedení ISMS v malém podniku se zaměřením na ICT infrastrukturu." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2014. http://www.nusl.cz/ntk/nusl-224444.
Krčmář, Josef. "Návrh managementu bezpečnosti informací v malém účetním podniku." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241313.
Klepárník, Roman. "Návrh zavedení nutných oblastí ISMS ve veřejné správě." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2018. http://www.nusl.cz/ntk/nusl-378365.
Sörensen, Robin. "Utvärdering av gapanalys för informationssäkerhet." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-11103.
Fernández, Fernández Dámaris. "Modelo de gestión de riesgos de TI de acuerdo con las exigencias de las SBS, basados en las ISO/IEC 27001, ISO/IEC 17799, Magerit para la Caja de Ahorro y Créditos Sipán SA." Bachelor's thesis, Chiclayo, 2015. http://tesis.usat.edu.pe/jspui/handle/123456789/483.
Fernández, Fernández Dámaris, and Fernández Dámaris Fernández. "Modelo de gestión de riesgos de TI de acuerdo con las exigencias de las SBS, basados en las ISO/IEC 27001, ISO/IEC 17799, Magerit para la Caja de Ahorro y Créditos Sipán SA." Bachelor's thesis, Universidad Católica Santo Toribio de Mogrovejo, 2015. http://tesis.usat.edu.pe/handle/usat/540.
Thesis
Vásquez, Ojeda Agustín Wilmer. "Diseño de un Sistema de Gestión de Seguridad de Información para la empresa Neointel SAC basado en la norma ISO/IEC 27001:2013." Bachelor's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2020. http://hdl.handle.net/10757/652123.
This thesis work aims to design an Information Security Management System (ISMS) to improve the quality of the service of the Call Center of the company Neointel SAC. In this sense, this model details the most effective way in which the Call Center will deal with its information security risks, based on Annex A of ISO/IEC 27001:2013, which allows reducing and mitigating the risks to information assets. Likewise, the technological vulnerabilities to which the Call Center is exposed can be reduced. On the other hand, the design of this work allows us to classify the main information assets, as well as to determine the main information risks to which they are exposed and how the information security risks aligned with the objectives of deal. Finally, the roles and responsibilities within the organizational structure of an Information Security Management System (ISMS) are defined and a risk treatment plan on information assets is proposed, which has allowed the company to establish its own security procedures, which can be seen in the policies that comprise it.
Thesis
Štukhejl, Kamil. "Návrh zavedení ISMS ve veřejné správě." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2019. http://www.nusl.cz/ntk/nusl-399673.
Huamán, Monzón Fernando Miguel. "Diseño de procedimientos de auditoría de cumplimiento de la norma NTP-ISO/IEC 17799:2007 como parte del proceso de implantación de la norma técnica NTP-ISO/IEC 27001:2008 en instituciones del estado peruano." Bachelor's thesis, Pontificia Universidad Católica del Perú, 2014. http://tesis.pucp.edu.pe/repositorio/handle/123456789/5582.
Thesis
Johnson, Luciano. "Proposta de uma estrutura de análise de maturidade dos processos de segurança da informação com base na norma ABNT NBR ISO/IEC 27002: 2005." Repositório Institucional da UFPR, 2013. http://hdl.handle.net/1884/32224.
Berríos, Mesía César Augusto, and Cam Martín Augusto Rocha. "Propuesta de un modelo de sistema de gestión de la seguridad de la información en una pyme basado en la norma ISO/IEC 27001." Bachelor's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2015. http://hdl.handle.net/10757/581891.
This project proposes an Information Security Management System (ISMS) model for implementation in a small or medium-sized enterprise (SME), with the aim of obtaining, in the future, ISO 27001 certification simply, at low cost and with reduced implementation times. To develop this project, an exhaustive analysis of the ISO/IEC 27000 family of standards is carried out, in order to identify the minimum requirements necessary for implementing an ISMS in an SME. Based on this analysis, the design of an ISMS model is produced that allows its subsequent implementation in an SME. Likewise, the implementation procedure for the model is produced, which allows an SME to implement the model by its own means. Finally, the proposed model is applied, according to the established methodology, in an SME in Peru to verify its viability and provide an implementation example for those interested in the project in the future. The long-term objective of this project is to make it easier for an SME to implement an ISMS by its own means, so that it can safeguard its information and distinguish itself from the competition.