Thesis
Proposal for a security plan to prevent vulnerabilities in the computer platform of the Fire Department, Municipal Decentralized Autonomous Government of Santo Domingo, using the ISO 27001 standards.
Date
2021-01-29
Registered in:
Pinango Bayas, Álvaro Humberto. (2021). Propuesta de un plan de seguridad para prevenir las vulnerabilidades en la plataforma informática del Cuerpo de Bomberos, Gobierno Autónomo Descentralizado Municipal de Santo Domingo, empleando las normas ISO 27001. Escuela Superior Politécnica de Chimborazo. Riobamba.
Author
Pinango Bayas, Álvaro Humberto
Abstract
The objective of this research work was to propose a security plan to prevent vulnerabilities in the computer platform of the Fire Department of the Municipal GAD of Santo Domingo, using the ISO 27001 standards. To that end, penetration tests were carried out on the platform to detect vulnerabilities, and a security plan based on the security policies of the ISO 27001 standard was implemented to prevent them. The vulnerability detection was based on 8 of the 10 security risks outlined in the OWASP Top 10-2017, using Nessus, Vega, Burp Suite, Zenmap and Kali Linux (Metasploit) as scanning and exploitation tools. This made it possible to identify security flaws such as malicious code injection, broken authentication, sensitive data exposure, broken access control, security misconfiguration, use of components with known vulnerabilities, and insufficient logging and monitoring. It was determined that the computer platform presented all 8 established vulnerabilities; therefore, it was concluded that the platform was 100% vulnerable. For this reason the security plan was created with improvement guidelines matched to the vulnerabilities found, and it was implemented for a trial period of two months. The result was a significant improvement in the level of security: the existing vulnerabilities in the platform were reduced from 8 to 2, so that implementing the security plan produced a 75% improvement in the security of the institution's computer platform. It is recommended to continue implementing security policies in order to build a preventive culture among employees and thus continue to avoid risk situations.