Metodología de auditoria informática utilizando técnicas y herramientas de hacking ético para la evaluación de vulnerabilidades en la seguridad informática en empresas del sector metal mecánico de Manabí.

Abstract

During the last years, information has become the most important asset for any organization. Due to the innumerable computer attacks and the different ways in which computer media are exposed, it becomes extremely important to have control and supervision strategies that provide the necessary assurances, which allow to demonstrate the state of computer security within the companies in the metal-mechanic sector of Manabí. The focus of this research is to analyze various methodologies for conducting computer audits. Initially based on bibliographic reviews for the management of computer security, a comparative analysis of various methodologies was carried out in order to adequately define the one that best suits our research. To evaluate the current state of computer security, a structural survey was used, which was applied to the different department heads of the computer science area of the companies that make up the metal-mechanic sector with the objective of obtaining data on the level of computer security. existing. As a result of the analysis, it was possible to determine that the OSSTMM methodology is adequate for this work, the same one that provides an easy implementation based on the manual of open testing methodologies using ethical hacking techniques as a tool to diagnose, find, discover and mitigate. computer vulnerabilities, in this way to be able to activate a mechanism to prevent computer attacks and guarantee the reliability, availability and integrity of the information.