Elaboración de la propuesta de declaración de aplicabilidad para el sistema de gestión de seguridad de la información en la facultad de ciencias informáticas bajo las normas ISO/IEC 27001: 2005

Abstract

This research work is one of many tasks that must be fulfilled to achieve the objective of the "Information Security Management System under the ISO 27001 standards", a project of which they are part and which will be implemented in the Faculty of Computer Science in based on compliance and completion of tasks. This research was carried out not only to meet a parameter of the computer security project to be implemented in the academic unit, but also to publicize the impact of the declaration of applicability and the ISO standards used in it, this means that the Management of information security in the Faculty is reduced to the declaration of applicability where all the stipulative norms that should be applied with their due justification and the documents that corroborate it will be found. In order to prepare the declaration of applicability, two previous activities linked to each other and linked to the declaration of applicability were made, we have as an initial activity the "Evaluation and Treatment of Risk Analysis of the Faculty of Computer Science" subject investigated and prepared by: “Guerrero Bravo Gema Lilibeth, and Mera Quintero Evelyn Janira ". And the "Establishment of a Contingency and Continuity Plan for Computer Services provided by the FACCI" theme investigated and prepared by "Dominguez Alvia Victor Armando" Most organizations begin to understand that the most important asset is the information they handle, all this can easily be lost in the face of external threats (natural disasters, equipment thefts) and internal threats (outdated so, viruses, theft, social engineering ), thanks to the lack of measures and controls implemented. Because in Facultad de Ciencias Informáticas, this has already happened, we opted for an Information Security Management System under the ISO / IEC 27001: 2005 standards to keep your information safe with your IT assets and get ISO certifications at the computer security level. This study focuses on the preparation of the declaration of applicability, will allow the Academic Unit to adapt to the monitoring of the project to be implemented according to assets, risks, and threats, thus achieving non-obsolescence of the information security management system and the required certifications required and raised.