Auditoría a la gestión de seguridad de la información en la escuela básica Heriberto Rodríguez Angulo.

Abstract

As part of this project, a security management audit was conducted at Heriberto Rodríguez Angulo Elementary School, located in the canton of El Carmen. The objective was to evaluate the existing security issues within the institution. To support the work, the topics addressed were bibliographically founded. A survey was conducted among the teachers and an interview was held with Director Marco Antonio Caja, who is also responsible for the school's IT area. The purpose was to identify whether the institution has a regulation for the use of the laboratory, to assess the condition of the equipment, and to verify compliance with certain security requirements. It was concluded that the teachers are not very familiar with the existing security requirements and controls within the institution. The proposal included conducting a security audit in the IT area using the ISO 27001 methodology. Three instruments were applied: a requirements evaluation, a control compliance assessment, and a risk analysis questionnaire. These instruments helped identify risks and policy deficiencies within the institution. The results showed a low level of compliance with the requirements (17%) and controls (26%), highlighting the need for significant improvements. Finally, the creation of an information security management manual was proposed. This manual will include guidelines to prevent adverse situations, such as potential damage to computer equipment and environmental conditions that may affect the school's facilities.