Diseño de sistema de gestión de seguridad de la información (SGSI) basado en norma ISO 27001:2022 en empresa San Services S. De R. L.
Loading...
Date
2025-05-08
Journal Title
Journal ISSN
Volume Title
Publisher
Universidad Tecnológica Centroamericana UNITEC
Abstract
San Services S. de R.L. brinda diferentes servicios que manejan información sensible de sus clientes, proveedores y colaboradores, la cual es susceptible a amenazas como ciberataques, interrupciones de servicios, vulnerabilidades, entre otras. El siguiente trabajo tiene como propósito presentar un análisis y proponer un diseño de un Sistema de Gestión de la Seguridad de la Información (SGSI) basado en el estándar internacional ISO 27001:2022 para salvaguardar la integridad, confidencialidad y disponibilidad de la información de San Services S. de R.L. Los resultados de la investigación se obtuvieron mediante fuentes de información como encuestas y entrevistas a personas claves tomados del área de TI para realizar un análisis de brechas y determinar el estado actual de la empresa en cuanto a la seguridad de la información con respecto a los requisitos de la norma ISO 27001 así como la identificación, análisis y evaluación de las amenazas utilizando herramientas como matriz de riegos y uso de metodología MAGERIT y se elaboró el documento que determina el alcance y límites del SGSI dentro de San Services S. de R.L. La investigación se desarrolló bajo una metodología de investigación con un enfoque mixto y con un alcance exploratorio descriptivo. San Services presentó al final un nivel de cumplimiento aceptable frente a la implementación de un SGSI y también se definieron los riegos clave con su respectiva serie de acciones para contrarrestarlos. Finalmente se desarrolló un estudio de aplicabilidad con un plan de implementación del SGSI mediante el seguimiento de varias fases.
San Services S. de R.L. offers different services that deal with sensible information from its customers, suppliers and collaborators, and it’s susceptible to threats like cyber-attacks, denial of service, vulnerabilities, among other. The following research has as its purpose to present an analysis and propose a design of an Information Security Management System (ISMS) based on the ISO 27001:2022 standard to safeguard the integrity, confidentiality and availability of the information of San Services S. de R.L. The results of this research were obtained through information sources like surveys and interviews done to key people inside the IT area in order to do a breach analysis and determine the current status of the company in regards of information security with regard of the requisites of the ISO 27001 as well as the identification, analysis and assessment of the threat making use of tools like risk matrix and the MAGERIT methodology and a document was created that determines the range and limits of the ISMS inside San Services S. de R.L. The research was developed following a mixed focus with a descriptive explorative range. San Services showcased a fulfillment level that was acceptable against the implementation of an ISMS and the key threats were identified along with their corresponding counter actions. Finally, an applicability study was done with an implementation plan of the ISMS divided into several phases.
San Services S. de R.L. offers different services that deal with sensible information from its customers, suppliers and collaborators, and it’s susceptible to threats like cyber-attacks, denial of service, vulnerabilities, among other. The following research has as its purpose to present an analysis and propose a design of an Information Security Management System (ISMS) based on the ISO 27001:2022 standard to safeguard the integrity, confidentiality and availability of the information of San Services S. de R.L. The results of this research were obtained through information sources like surveys and interviews done to key people inside the IT area in order to do a breach analysis and determine the current status of the company in regards of information security with regard of the requisites of the ISO 27001 as well as the identification, analysis and assessment of the threat making use of tools like risk matrix and the MAGERIT methodology and a document was created that determines the range and limits of the ISMS inside San Services S. de R.L. The research was developed following a mixed focus with a descriptive explorative range. San Services showcased a fulfillment level that was acceptable against the implementation of an ISMS and the key threats were identified along with their corresponding counter actions. Finally, an applicability study was done with an implementation plan of the ISMS divided into several phases.
Keywords
Ciberseguridad, ISO 27001, Riesgos