Diseño de un plan de mitigación de riesgos para los activos de TI del Instituto Ecuatoriano de la Propiedad Intelectual
Public and private entities are threatened by risks that attack the integrity, confidentiality and availability of the active IT (information technology) which can lead to losses in the organization if they are not adequately controlled. In the present project is explained the concepts related to t...
| Autor Principal: | Alomoto Luna, Alex Ramiro |
|---|---|
| Otros Autores: | Cuichan Simba, Gustavo Antonio |
| Formato: | bachelorThesis |
| Idioma: | spa |
| Publicado: |
2017
|
| Materias: | |
| Acceso en línea: |
http://dspace.ups.edu.ec/handle/123456789/14631 |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| Sumario: |
Public and private entities are threatened by risks that attack the integrity, confidentiality and availability of the active IT (information technology) which can lead to losses in the organization if they are not adequately controlled.
In the present project is explained the concepts related to the AGR (analysis and management of risk) methodologies, standards and tools that provide the guidelines needed to reduce the risks in front of a threat.
It is important that public entities, dedicated to offering services, have a plan of Risks Mitigation for TI assets to guarantee the continuity of the service. That is why, there has been seen the need to develop an analysis and risk management in the Unit of Management of Technological Development of the IEPI considering to the MAGERIT methodology.
As a first instance is performed the analysis of risk which has a set of steps to estimate the magnitude of the risks to which it is exposed an organization and in second instance is the management of risk which is the selection and implementation of measures to mitigate, transfer, avoid, or accept the identified risks.
The PILAR tool has been taken into account as an aid to the AGR from an information system following the MAGERIT methodology. Finally, the Risk Mitigation plan for the IEPI IT assets based on the AGR was developed with the implementation of measures to mitigate the risk to an acceptable level. |
|---|