Please use this identifier to cite or link to this item:
http://hdl.handle.net/10609/97008
Title: | Elaboración de un plan de implementación de la ISO/IEC 27001:2013 de la empresa TECNOSOFT |
Author: | Zugazaga Echebarria, Silvia |
Tutor: | Segovia Henares, Antonio José |
Abstract: | The project presented in this document is part of the Final Master's Project of the Interuniversity Master's Degree in Information and Communications Technology Security. The objective is the development of an Implementation Plan for an Information Security Management System in the fictitious organization TECNOSOFT, a small company dedicated to the implementation of IT solutions, following the ISO / IEC 27001: 2013 standard. Firstly, the organization on which the project is carried out has been described and a differential analysis has been carried out regarding the ISO 27001: 2013 and ISO 27002: 2013 standards to know the starting point of the project. In the second phase, the necessary documents have been defined for compliance with the ISO 27001: 2013 security policy, internal auditing procedure, indicator management, review procedure by the Directorate, management of roles and responsibilities, declaration of applicability and risk analysis methodology. Then, in phase 3, the risk analysis of the organization was carried out following the MAGERIT methodology. For this, all the assets of the organization have been identified and valued. Subsequently, the possible threats to which the organization is exposed have been analyzed and, finally, the impact and potential risk of each of the identified assets has been obtained. In the fourth phase, several projects have been planned to be carried out in order to reduce the main risks encountered and thus improve the security status of the organization's information. In phase 5, the degree of maturity of the organization has been obtained with respect to the ISO 27002: 2013 and 27001: 2013 standards and the results obtained have been presented. After having completed all phases of the project, the security of the organization's information has been improved. |
Keywords: | ISMS security master plan Magerit |
Document type: | info:eu-repo/semantics/masterThesis |
Issue Date: | Jun-2019 |
Publication license: | http://creativecommons.org/licenses/by-nc-nd/3.0/es/ |
Appears in Collections: | Trabajos finales de carrera, trabajos de investigación, etc. |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
Resumen_ejecutivo_ZugazagaEchebarria_Silvia.ppt | 831 kB | Microsoft Powerpoint | View/Open | |
Presentación_organización_ZugazagaEchebarria_Silvia.ppt | 2,56 MB | Microsoft Powerpoint | View/Open | |
Presentación_dirección_ZugazagaEchebarria_Silvia.ppt | 1,76 MB | Microsoft Powerpoint | View/Open | |
szugazagaeTFM0619memoria.pdf | Memoria del TFM | 67,64 MB | Adobe PDF | View/Open |
szugazagaeTFM0619presentación.pdf | Presentación en PDF del TFM | 1,44 MB | Adobe PDF | View/Open |
szugazagaeTFM0619resumen_ejec.pdf | Resumen ejecutivo del TFM | 788,57 kB | Adobe PDF | View/Open |
Share:
This item is licensed under a Creative Commons License