Scientia et technica

Model information security management system for entry-level educational institutions.

Carlos Arturo Blandón Jaramillo, Alejandra María Benavides Sepúlveda

Resumen


— The Ministry of Information and Communication Technologies (MINTIC) has established guidelines for the implementation of information security management systems (ISMS) in state entities. Public education is a service and a right of children enshrined in the Political Constitution of Colombia, circumscribed in Regulatory Decree 1078/2015, which contains once again the guidelines for the implementation of the online government strategy - GEL, Including an ISMS based on the standard NTC ISO/IEC 27001. The project consists of carrying out a risk analysis based on the guidelines of ISO 27005, identifying the critical assets of the academic secretariat area of educational institutions - basic level and associated risks, to generate a risk management plan That allows to propose a declaration of applicability, as well as to analyze the regulations of the Ministry of Education, of MINTIC and the requirements of the norm NTC ISO/IEC 27001 that allow a general model that facilitate the implementation of an ISMS in this type of institutions. The resulting model complies with the mandatory requirements established in the NTC ISO/IEC 27001 standard and provides a basis for ensuring the safety, integrity and confidentiality of sensitive information of children, complying with the relevant provisions of the education sector, Privacy of information.

Palabras clave


Análisis de riesgos; Confidencialidad; Disponibilidad; Instituciones educativas; Integridad; Seguridad

Texto completo:

PDF


DOI: http://dx.doi.org/10.22517/23447214.15861

Enlaces refback

  • No hay ningún enlace refback.