Resumo

MIRANDA CAIRO, Michel et al. Methodology for the Implementation of Automated Management of Computer Security Controls. Rev cuba cienc informat [online]. 2016, vol.10, n.2, pp. 14-26. ISSN 2227-1899.

The information security management should be seen as a well-defined process, with the ability to be incrementally and continuously improved. The high number of controls implemented in a dynamic information system involves a huge effort from the staff responsible for the protection of the information. That is why this paper presents a methodology based on the integration of several models, standards, tools and best practices for implementing automated management of computer security controls, combining several methods focused on risk management with an automation approach during the operation, monitoring and revision of an Information Security Management System. Having in mind that nearly 30% of the controls gathered in the international standard ISO/IEC 27002 can be automatized, the application of this research could lead to archive a less complex and more effective computer security management, and this affirmation is validated by a statistic analysis that shows a reduction of the complexity and an increment in the efficiency based in costs of time and effort required by the process in both cases by a factor near to 90%.

Palavras-chave : automation; computer security; controls; information systems; methodology.

        · resumo em Espanhol     · texto em Espanhol     · Espanhol ( pdf )