| dc.description.abstract | In industrial food companies, there is critical information for this type of organizations, such as the data of their customers, suppliers, daily transactions and the main characteristics that define a product such as their recipes, manufacturing process, costs, etc. being necessary that all this information is reliably guarded against the possible risks that may materialize at any time.
To protect information systems from increasing levels of cyber threats, organizations currently have the need to establish computer security programs or projects and, because information security policies are a necessary foundation of organizational security programs, there is a need for academic contributions in this area.
For this reason, a research and review of topics related to information security, risk management and computer security policies is proposed in this work to later propose an adequate method consisting of 3 stages and a total of 9 steps for the development and diffusion of security policies based on the identification of the possible risks and vulnerabilities that an organization or an area of the organization presents, by selecting the most appropriate controls of the ISO / IEC 27002 standard, which is an internationally accepted guide of good practices that describe the control objectives and recommended controls regarding the security of information for an organization.
The application of the proposed methodology is carried out as a case study in the production department of an industrial food production company in the city of Cuenca - Ecuador. This work can serve as a reference to other industrial food companies that need to elaborate in a technical and appropriate way their information security policies; however, it could also be used in companies of different types, making the corresponding validations and their application. | |
