Please use this identifier to cite or link to this item: http://hdl.handle.net/10609/96946
Title: Implementation plan for an information security management system based on the ISO 27001:2013 standard
Author: Correa Morales, Jorge Andrés
Tutor: Segovia Henares, Antonio José
Abstract: This document consolidates the experience gained during the master's programme. The different technical and methodological aspects studied helped to design and develop the implementation plan for the Information Security Management System (ISMS), which is the subject of this document. Specifically, the implementation plan was developed for a fictitious consultancy company called Consultora JC S.A.S. This document describes the main characteristics of the company and the results of the initial diagnosis of its information security status with respect to the NTC-ISO-IEC 27001:2013 standard. Likewise, as part of the ISMS implementation plan, the general security policy and the main procedures for its operation were developed. The information security risk management methodology was also defined, based on the standards NTC-ISO 31000:2009 and NTC-ISO 27005:2008, as were the indicators used to measure the performance of the system. As an essential mechanism within the information security strategy, a risk analysis was carried out. Its results made it possible to establish thirteen projects related to the implementation of security controls to guarantee the protection of information, establishing the elements necessary for the operation of the system in an environment of resource optimization and continuous improvement.
Keywords: ISMS; information security; ISO/IEC 27001
Document type: info:eu-repo/semantics/masterThesis
Issue Date: Jun-2019
Publication license: http://creativecommons.org/licenses/by-nc-nd/3.0/es/  
Appears in Collections: Final degree projects, research papers, etc.

Files in This Item:
File: jacorreamTFM0619memoria.pdf
Description: Master's thesis (TFM) report
Size: 2,1 MB
Format: Adobe PDF