Study of the Maturity of Information Security in Public Organizations of Ecuador

  • Conference paper
  • Book: Technologies and Innovation (CITI 2018)

Abstract

This paper studies the maturity of Information Security Management Systems in the public sector of Ecuador. Through a theoretical study, five factors were determined that make up an effective Information Security Management System: internal organizational control, information security policy, information security culture, and technical activities for the security of information and new technologies. The five factors were evaluated on a scale to determine the maturity level of the information security process as perceived by ICT (Information and Communication Technology) managers of public sector entities. The analysis showed that technical activities for information security was the factor with a higher level of maturity, due to the implementation of technological tools by the personnel of the ICT area. On the other hand, internal organizational control was the least mature factor, indicating that this area needs more attention. Although international information security standards are required in most public entities, the process is still at a level of maturity between repeatable and defined.

Author information

Corresponding author

Correspondence to Sang Guun Yoo.

Copyright information

© 2018 Springer Nature Switzerland AG

Cite this paper

Patiño, S., Yoo, S.G. (2018). Study of the Maturity of Information Security in Public Organizations of Ecuador. In: Valencia-García, R., Alcaraz-Mármol, G., Del Cioppo-Morstadt, J., Vera-Lucio, N., Bucaram-Leverone, M. (eds) Technologies and Innovation. CITI 2018. Communications in Computer and Information Science, vol 883. Springer, Cham. https://doi.org/10.1007/978-3-030-00940-3_8

  • DOI: https://doi.org/10.1007/978-3-030-00940-3_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00939-7

  • Online ISBN: 978-3-030-00940-3

  • eBook Packages: Computer Science (R0)