SGSI para el área académica en la Unidad Educativa Excelso Espíritu Santo 2023-2024.

Abstract

This project aims to implement a Information Security Management System (ISMS) for the academic area of Unidad Educativa Excelso Espíritu Santo. This system is designed to protect the institution's IT equipment. To achieve this goal, interviews were conducted with the person in charge of the IT equipment in the classrooms and surveys were administered to the teachers. These actions helped identify the issue related to the lack of information security policies and controls. An audit was conducted following the four phases of ISO 27001. First, the maturity level of the ISMS was determined using two instruments: one to assess compliance with requirements and another to assess compliance with controls. The results indicated that the maturity level in information security management is medium, with a percentage value of 67%. Additionally, a risk analysis was performed, which involved developing five questionnaires to evaluate controls for preventing theft, equipment damage, fire, flooding, and malware. The results showed that the security level in the institution’s classrooms is medium, with a percentage of 44%. The risks with the highest probability of occurrence were identified, with fire, flooding, and malware being the most significant. Finally, a security policy manual was developed to improve the protection of equipment at Unidad Educativa Excelso Espíritu Santo, providing teachers with tools and guidelines to enhance security in their daily educational activities.