Abstract
Nowadays, managing technological risks and information security is an important management and administration process for public and private institutions. This is due to the ubiquity of technology in the development of business processes and its level of impact on organizational goals and objectives. This work implements a process for identifying, measuring, controlling and monitoring IT risks that would allow the prevention and reduction of losses due to the materialization of these types of risks in a Higher Education Institution. The risk analysis was applied to the information assets associated with two critical institutional processes that could cause material, financial, operational and image damage. In general, the results made it possible to identify the high-, medium- and low-level risks. In addition, an action plan was presented that included mitigation controls to counteract the effects of the identified risks, as well as their probability of occurrence, an estimated budget, and a feasibility analysis of implementing these countermeasures.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Haz, L., Morán, M.E.F., Acaro, X., Guzman, C.J., Espin, L. (2019). Implementation of IT Security and Risk Management Process for an Academic Platform. In: Antipova, T., Rocha, A. (eds) Digital Science. DSIC18 2018. Advances in Intelligent Systems and Computing, vol 850. Springer, Cham. https://doi.org/10.1007/978-3-030-02351-5_43
DOI: https://doi.org/10.1007/978-3-030-02351-5_43
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02350-8
Online ISBN: 978-3-030-02351-5
eBook Packages: Intelligent Technologies and Robotics (R0)