- Show more
THE SAFETY OF COMPUTER TECHNOLOGY
Currently, computer technology is essential for the overcoming and development of a country. The information that is handled in it is considered an increasingly valuable asset, which can make an organization triumph or break;That is why we must keep it safe. Most companies do not know the magnitude of the problem they face, considering computer security as something secondary and paying little attention to the risks that currently exist, such as: internal threats (human errors). External threats (viruses).
The lack of investment in both human and economic capital very necessary to mainly prevent the damage or loss of information causes that the information is not reliable or integrate and much less available for the company originating in many cases the stoppage of its activitiesleaving a large loss of production and money time. To counteract these effects of the lack of computer security, this work is presented that consists of designing an information security plan, which must follow the financial “financial services of the north” in a short, medium and long term.
It is vital to implement a security plan, however, to implement a proactive plan that indicates how to survive the multiple scenarios will also prepare companies in the management of unexpected threats that it could face in the future. This plan is complemented with security evaluations and a relevant risk analysis that allowed me to design computer security policies as a specific scope of the plan. Design a computer security plan for the “Financial Services of the North” (SEFINDN) information system, through the application of good security practices.
That allow to develop clear policies and standards for the preservation of confidentiality, integrity and availability of information. Specific objectives. Analyze the current state of computer security for financial services of the North. Verify the methodology used for the risk analysis used in financial services of the North. Identify the risks associated with the Northern Financial Services Information System. Determine the possible computer security policies of the Northern Financial Services Information System. Raise the appropriate measures and procedures.
To comply with computer security policies of the Northern Financial Services Information System. Methodology and procedures used. The strategy used for the planning and development of the security plan is based on the XYZ methodology, for the design of a security model. The methodology establishes the design of security policies, standards and procedures for the subsequent development of controls on the company’s information. The following work procedures were used: Interviews for the identification of risks threats and vulnerabilities of the organization with the company’s following staff.
Business Division Manager. Risk Division Manager. Administration and Operations Division Manager. Finance Division Manager. International Business Division Manager. International Business Manager. Legal Advisory Manager. Systems auditor. System Manager. Deputy Computer Security Manager. Computer Security Assistant. Definition and discussion of the organization of the computer security area. Preparation of the Northern Financial Services Information Security Policies taking as reference the standards for related ISO information security.
Current network architecture evaluation and design proposal for network architecture. Diagnosis of the current situation of the Information Security Administration. Carried out our review of the Administration of Information Technology of the Financial Financial Services of the North we have observed that the Information Security Plan (PSI) has not been developed. Although we have observed the existence of standards, procedures and controls that cover different aspects of information security, it is generally lacking a methodology, guide or work frame that helps the identification of risks and determination of controls to mitigate thesame.