Auditoría informática a la gestión de seguridad de la información a “YERAY Electrodomésticos”.

Abstract

The research originated in the current context, where the protection of information has become an invaluable asset for organizations. Objectives were established to evaluate compliance with requirements, the GAP analysis, and security controls at Repuestos y Electrodomésticos Yeray. This analysis included walkthroughs of the facilities, interviews with administrators responsible for information management, and surveys of employees and customers. Through these activities, a diagnosis was obtained regarding how the organization managed information and protected its resources. The IT audit project was based on the methodology and forms provided by ISO 27001, an international standard for implementing, managing, maintaining, and improving an Information Security Management System (ISMS). The results of the checklists revealed that Yeray Electrodomésticos had a 37% compliance rate with security requirements, with a 63% GAP. Additionally, a 63% non-compliance was identified in the evaluation of security controls. These findings highlighted a concerning state of vulnerability in the company, making it susceptible to cybersecurity risks. Based on these findings, the implementation of a Manual of Good Practice Policies was recommended to address identified deficiencies and strengthen existing measures to protect information.