Abstract

MARTIN, Tonysé de la Rosa. Automation of an information security management system based on the ISO / IEC 27001 Standard. Universidad y Sociedad [online]. 2021, vol.13, n.5, pp. 495-506.  Epub Oct 02, 2021. ISSN 2218-3620.

The present work aims to describe the requirements for the implementation and the necessary documentation of an Information Security Management System (ISMS). Automation consists of the availability of a template with internal control questions focused on the 3 pillars of information security (confidentiality, integrity, availability) that allows a "Gap-Analysis" to be carried out to measure the level of current maturity with respect to the requirements of the international standard ISO / IEC 27001: 2013, with a radar diagram and thus establish an ISMS or carry out the ISO 27001 certification process that guarantees to minimize risk and protect information on computers or in interconnected systems, since it is one of the most important assets of organizations, ensuring the confidentiality and integrity of the data and information of certain critical or sensitive processes, whose loss, leakage or unavailability of information puts problems in the organization.

Keywords : ISO; security; information; automation; risk; system.

        · abstract in Spanish     · text in Spanish     · Spanish ( pdf )