Direccionamiento y estructuración del sistema de seguridad de la información del Instituto Colombiano del Sistema Nervioso - Clínica Montserrat.
Fecha
2022-06-29Registro en:
Alarcón Aponte, M. V., García Rodríguez, D. F. y Pinzón Lesmes, C. I. (2022). Direccionamiento y estructuración del sistema de seguridad de la información del Instituto Colombiano del Sistema Nervioso - Clínica Montserrat. [Trabajo de maestría, Universidad Santo Tomás]. Repositorio institucional.
reponame:Repositorio Institucional Universidad Santo Tomás
instname:Universidad Santo Tomás
Autor
Alarcón Aponte, María Victoria
García Rodríguez, Duvan Felipe
Pinzón Lesmes, Carolina Isabel
Institución
Resumen
After the gap analysis, it can be shown that by having a quality management system implemented at the ICSN - Montserrat Clinic, solid foundations are identified that allow it to comply with some of the requirements of the NTC-ISO 27001 standard: 2013, in a faster way, this statement is supported by the assessment obtained in the first application of the diagnostic tool of the information management system based on the ISO 27001: 2013 model, attended by 4 clinic officials, whose The result placed the organization institute in an assessment range of 41% to 60% compliance and which indicates that the information and other related aspects are consistent and demonstrable.
The gaps identified were addressed from the generation of documentary proposals focused on compliance with numerals 4.3. Determination of the scope of the information security management system, 5.1. Leadership and commitment, 5.2. Policy, 5.3. Roles, responsibilities and authorities in the organization, 6.1.3. Treatment of information security risks, 6.2. Information security objectives and plans to achieve them, 7.1. Resources, 7.5.1 Documented information - General.
The development of the proposals generated as part of the addressing and structuring phases of the ISMS, allowed having data to establish the planning proposal of the management system under the NTC 27001: 2013 standard to the senior management of the institution, this being a strengthening mechanism for improvement processes that contribute to the achievement of quality levels in health.
Through the application of the diagnosis for the second time, gaps in the strategic component were reduced as a result of the proposals and deliverables of the academic spaces generated within the framework of the research project; the overall result obtained corresponds to classification D: Demonstrable continuous improvement with an overall compliance percentage of 65.04%.