Security frame of reference to reduce risks in the processing of personal data in companies that provide internet access services, using ISO 27001. MUNDOTRONIC case.
2022-09-29
Registered in:
Merino Villa, Katherine Adriana. (2022). Marco referencial de seguridad para reducir riesgos en el tratamiento de datos personales en empresas prestadoras de servicios de acceso a internet, utilizando ISO 27001. Caso MUNDOTRONIC. Escuela Superior Politécnica de Chimborazo. Riobamba.
Merino Villa, Katherine Adriana
The objective was to design a security frame of reference to reduce the risks involved in the management of personal data for companies that provide internet services, using ISO 27001, with MUNDOTRONIC as the case study. The security frame of reference was developed by identifying the requirements contained in the Organic Law of Telecommunications, which is linked to 13 domains and 31 controls related to ISO 27001 that are applicable to internet service providers, and it is applied dynamically through the Deming cycle in order to discover existing vulnerabilities, identify improvement opportunities, and define new and better security solutions. To meet the identified needs, personal data was identified and categorized according to the recommendations of the Spanish Data Protection Agency. The impact caused by a threat is determined in relation to the risk to which the personal data is exposed and its level of incidence on confidentiality, integrity and availability, as established by the MAGERIT methodology. In short, the security frame of reference reduces the risks involved in the management of personal data by internet service providers, using ISO 27001, and aims to protect the personal data of clients, users and creditors in order to guarantee data security. The result is an increase in clients' trust, achieved by providing legal security and introducing principles and obligations related to corporate governance.