Análisis de riesgos y vulnerabilidades como estrategia para la medición de políticas en la gestión de seguridad y privacidad de la información del Centro Industrial de Mantenimiento Integral – SENA Girón

Abstract

In the present research work, the characteristics of the information security and privacy component are evaluated in a public entity applied to a training center that is part of SENA1. The work focuses on the diagnostic phase in a model of security and privacy of information where a risk analysis is performed and vulnerabilities as a strategy for the measurement of policies in security management and information privacy of the Integral Maintenance Industrial Center - SENA Girón; the methodology for the elaboration of the general policy of security and privacy of information for public entities, recommended by the Ministry of Information and Communications Technologies - MINTIC, is considered. It is considered important that the Industrial Center of Integral Maintenance makes a analysis of risks and vulnerabilities to verify the current status and degree of maturity of the Information Security and Privacy Model and the application of policies in security management in the school, in order to identify improvements in the management of the security and define action plans with prioritization of activities that aim to reduce the impact of incidents related to information security. The research line for the present work is Privacy and information security, has a level of exploratory and descriptive research because it seeks to make revisions in the subject of applicability of processes and policies in security and privacy of information as well as identify the level maturity of security and privacy of the information of a centerñ.