Análisis de riesgos en la infraestructura informática de la oficina de tecnologías de la información y comunicaciones de la municipalidad distrital de belén 2023
No Thumbnail Available
Date
2024-06-10
Journal Title
Journal ISSN
Volume Title
Publisher
Universidad Científica del Perú
Abstract
En la presente tesis se muestra a la Municipalidad Distrital de Belén enfrentando desafíos
significativos relacionados con la seguridad de su infraestructura informática, debido a la
creciente interconexión y dependencia de tecnologías de la información en sus
operaciones. Esta situación se ve agravada por la falta de una evaluación integral de los
riesgos en su infraestructura informática. El objetivo principal del estudio es realizar
dicha evaluación para garantizar la protección adecuada de la información gestionada
por la municipalidad, para lograr este objetivo, se establecieron tres objetivos
específicos: evaluar los riesgos, evaluar las vulnerabilidades y evaluar la eficacia de los
controles de seguridad en la infraestructura informática. La metodología utilizada
combina enfoques descriptivos y exploratorios, así como métodos cuan titativos y
cualitativos. Se emplearon técnicas de recolección de datos como encuestas
estructuradas, análisis de registros de incidentes pasados y evaluaciones de riesgos
cualitativas y cuantitativas, los resultados obtenidos revelaron deficiencias específicas
en la infraestructura informática que podrían comprometer la confidencialidad,
integridad y disponibilidad de la información de la municipalidad. Se identificaron
diferentes tipos de incidentes y vulnerabilidades, así como un porcentaje variable de
implementación y actualización de controles de seguridad. Además, se determinó el
tiempo promedio de respuesta y mitigación de incidentes de seguridad.
In this thesis, the District Municipality of Belén is shown facing significant challenges related to the security of its IT infrastructure, due to the increasing interconnection and dependence on information technologies in its operations. This situation is exacerbated by the lack of a comprehensive risk assessment of its IT infrastructure. The main objective of the study is to conduct such an assessment to ensure the proper protection of the information managed by the municipality. To achieve this goal, three specific objectives were established: to assess risks, to evaluate vulnerabilities, and to assess the effectiveness of security controls in the IT infrastructure. The methodology used combines descriptive and exploratory approaches, as well as quantitative and qualitative methods. Data collection techniques such as structured surveys, analysis of past incident records, and qualitative and quantitative risk assessments were employed. The results obtained revealed specific deficiencies in the IT infrastructure th at could compromise the confidentiality, integrity, and availability of the municipality's information. Different types of incidents and vulnerabilities were identified, as well as a variable percentage of implementation and updating of security controls. Additionally, the average response and mitigation time for security incidents were determined.
In this thesis, the District Municipality of Belén is shown facing significant challenges related to the security of its IT infrastructure, due to the increasing interconnection and dependence on information technologies in its operations. This situation is exacerbated by the lack of a comprehensive risk assessment of its IT infrastructure. The main objective of the study is to conduct such an assessment to ensure the proper protection of the information managed by the municipality. To achieve this goal, three specific objectives were established: to assess risks, to evaluate vulnerabilities, and to assess the effectiveness of security controls in the IT infrastructure. The methodology used combines descriptive and exploratory approaches, as well as quantitative and qualitative methods. Data collection techniques such as structured surveys, analysis of past incident records, and qualitative and quantitative risk assessments were employed. The results obtained revealed specific deficiencies in the IT infrastructure th at could compromise the confidentiality, integrity, and availability of the municipality's information. Different types of incidents and vulnerabilities were identified, as well as a variable percentage of implementation and updating of security controls. Additionally, the average response and mitigation time for security incidents were determined.
Description
Keywords
Vulnerabilidades, Riesgos, Seguridad, Informática, Vulnerabilities, Risks, Security, IT
Citation
Collections
Endorsement
Review
Supplemented By
Referenced By
Creative Commons license
Except where otherwised noted, this item's license is described as info:eu-repo/semantics/openAccess