Buenas prácticas de seguridad en las bases de datos aplicado al subsistema permisos del Departamento de Talento Humano en la Escuela Superior Politécnica de Chimborazo.

Abstract

The objective of the present study is to create a manual that encompasses techniques for preserving security in databases, for this a total of 13 good practices were obtained that preserve databases by mitigating specific vulnerabilities in the research. After having collected information and defined different methods of filtered to obtain it properly, the content was condensed according to the needs. We did the permission system maintenance with the modification of user stories comprising 40% of the system, 60% of it was supplemented by adding new functionalities, obtaining 33 user stories in total. We utilized the agile SCRUM methodology and the Dart language through the Flutter framework for the maintenance of the permission system. We applied the Deming cycle provided by the ISO 27001 standard for the creation of the guide to good database security practices, the methodology closure phase SCRUM defined the completion of the system maintenance and we proceeded to check the accomplishment of the good practices through the Check List that contains 13 punctualities. The version 1.0 permission system was maintenance-free and gave a result of the Check list of 23.07%, later the version 2.0 permission system gave a result of 92.30% of accomplishment with the Check list, after having compared these results, the 69.23% corresponding to the percentage of security improvement. Therefore, we recommended the use the manual of good security practices in the databases to improve security in future developments and keep the information intact and well protected.