Skip to main content
SpringerLink
Log in

Implementation of IT Security and Risk Management Process for an Academic Platform

  • Conference paper
  • First Online:
Digital Science (DSIC18 2018)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 850))

Included in the following conference series:

  • 1267 Accesses

Abstract

Nowadays, technological risks and information security are important processes of management and administration for public and private institutions. This is due to the obliquity of technology in the development of business processes, and its level of impact on organizational goals and objectives. This work implements a process for identifying, measuring, controlling and monitoring the IT risks that would allow the prevention and reduction of the losses due to the materialization of these types of risks in a Higher Education Institution. The risks analysis was applied to the information assets associated to two institutional critical processes that could cause material, financial, operational and image damages. In general, the results allowed to identify the high, medium and low level risk. Also, it was presented an action plan that included mitigation control to counteract the effects of identified risks, as well as its probability of occurrence, an estimated budget, and feasibility the analysis of implementing these countermeasures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Isaca: Risk IT, Marco de Riesgos de TI, basado en COBIT (2009)

    Google Scholar 

  2. Solís, G.: Cobit y la Administración de Riesgos (2008)

    Google Scholar 

  3. Asamblea Nacional del Ecuador: Constitución del Ecuador (2008)

    Google Scholar 

  4. Asamblea Nacional del Ecuador: Ley Orgánica de Educación Superior (LOES) (2010)

    Google Scholar 

  5. Alhawari, S., Jarrah, M.A.A., Hadi, W.E.: Implementing risk management processes into a cloud computing environment. In: Global Business Expansion: Concepts, Methodologies, Tools, and Applications, pp. 951–963. IGI Global (2018)

    Google Scholar 

  6. Instituto Nacional Electoral de Mexico: Metodología de Administración de Riesgos – Procesos. Sistema de control interno institucional INE (2014)

    Google Scholar 

  7. Schou, C., Hernandez, S.: Information Assurance Handbook: Effective Computer Security and Risk Management Strategies. McGraw-Hill Education Group, New York City (2014)

    Google Scholar 

  8. Fuenzalida, R., Ambrosio, E.: Riesgo Tecnológico. Su medición como prioridad para el aseguramiento tecnológico (2011)

    Google Scholar 

  9. Consejo de Evaluación: Acreditación y Aseguramiento de la Calidad de la Educación Superior CEAACES. Modelo de Evaluación Institucional de Universidades y Escuelas Politécnicas (2015)

    Google Scholar 

  10. Contraloría General del Estado de Ecuador: Normas de control interno para las entidades, organismos del sector público y personas jurídicas de derecho privado que dispongan de recursos públicos (2009)

    Google Scholar 

  11. Chaitanya, B., Kodukula, K., Tai-hoon, K.: A dependency analysis for information security and risk management. Int. J. Secur. Appl. 9(8), 205–210 (2015)

    Google Scholar 

  12. UPEL: Venezuela: Universidad Pedagógica Experimental Libertador, p. 7 (1998)

    Google Scholar 

  13. Ferrer, J.: Conceptos básicos de Metodología de la Investigación (2010)

    Google Scholar 

  14. Hernández, C.R.: Metodología de la Investigación. McGraw-Hill, New York City (2011)

    Google Scholar 

  15. Comité de Supervisión Bancaria de Basilea: Buenas prácticas para la gestión y supervisión del riesgo operativo (2003)

    Google Scholar 

  16. Chanchala, J., Umesh Kumar, S.: Information security risks management framework–a step towards mitigating security risks in university network. J. Inf. Secur. Appl. 35, 128–137 (2017)

    Google Scholar 

  17. ISO/IEC 27001:2013 Information Technology: Security Techniques – Information Security Management Systems – Requirements. International Organization for Standardization (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Facultad de Ciencias Matemáticas y Física, Ciudadela Universitaria “Salvador Allende”, Universidad de Guayaquil, Av. Delta y Av. Kennedy, Guayaquil, Ecuador

    Lidice Haz, Manuel Eduardo Flores Morán, Ximena Acaro, Carlos Julio Guzman & Luis Espin

Authors
  1. Lidice Haz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Manuel Eduardo Flores Morán
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ximena Acaro
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Carlos Julio Guzman
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Luis Espin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lidice Haz .

Editor information

Editors and Affiliations

  1. Institute of Certified Specialists, Perm, Russia

    Tatiana Antipova

  2. Information Systems and Software Engineering, University of Coimbra, Coimbra, Portugal

    Alvaro Rocha

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Haz, L., Morán, M.E.F., Acaro, X., Guzman, C.J., Espin, L. (2019). Implementation of IT Security and Risk Management Process for an Academic Platform. In: Antipova, T., Rocha, A. (eds) Digital Science. DSIC18 2018. Advances in Intelligent Systems and Computing, vol 850. Springer, Cham. https://doi.org/10.1007/978-3-030-02351-5_43

Download citation

Publish with us

Policies and ethics

Search

Navigation