Implementation of access controls for a professional practice management system

DOI: 10.48168/innosoft.s11.a80
PURL: 42411/s11/a80
ARK: ark:/42411/s11/a80
Keywords: Web information system, professional practices, ISO/IEC-27001, SCRUM, access control

Abstract

This article presents a web information system that will facilitate the management of professional practices at the National University of Trujillo. For this, an agile SCRUM methodology was applied because it is adaptable to the constant changes in the software development process and the access controls provided by the ISO 27001:2013 standard with the aim of guaranteeing the integrity, authenticity and availability of data. the information assets that the system possesses. The results obtained support the implementation of two-factor authentication and digital signature as essential controls for information management according to the calculated reliability. It is concluded that the access controls provide security in the information handled in the system according to the trust tests.

Downloads

Download data is not yet available.

References

Dronov, V.Y. and Dronova, G.A. Principles of Information Security Management System - Journal of Physics: Conference Series. Disponible: https://iopscience.iop.org/article/10.1088/1742-6596/2182/1/012092 (Accedido: November 25, 2022).

Molina, D. 2002, Material de Apoyo Instruccional. Curso Orientación Educativa. Barinas: Unellez.

Tatiara, R., Fajar, A.N., Siregar, B. & Gunawan, W. 2018, "Analysis of factors that inhibiting implementation of Information Security Management System (ISMS) based on ISO 27001", Journal of Physics: Conference Series. (Accedido: November 26, 2022).

Congreso de la República. Ley No 28518. Ley sobre Modalidades Formativas Laborales. (2018, 12 diciembre). SITEAL. https://siteal.iiep.unesco.org/sites/default/files/sit_accion_files/pe_6114.pdf

RODRIGUEZ PEROJO, Keilyn & RONDA LEON, Rodrigo. (2006). El web como sistema de información. ACIMED [online]. 2006, vol.14, n.1. ISSN 1024-9435.

Xavier Albaladejo. Qué es SCRUM. (2021, 20 septiembre). Proyectos Ágiles. https://proyectosagiles.org/que-es-scrum/

Sistema de gestión de seguridad de la información. (2022, 25 diciembre). Orientación - Presidencia del Consejo de Ministros - Gobierno del Perú. https://www.gob.pe/14086-sistema-de-gestion-de-seguridad-de-la-informacion

ISOTools Chile. (2017, 14 diciembre). Cómo la autenticación de dos factores permite cumplir con los controles de acceso ISO 27001. https://www.isotools.cl/como-la-autenticacion-de-dos-factores-permite-cumplir-con-los-controles-de-acceso-iso-27001/

Apple. (2022, 11 noviembre). Autenticación de doble factor para el ID de Apple. Apple Support. https://support.apple.com/es-es/HT204915

Soto, L. (2022, 22 noviembre). ¿Qué es una firma digital? https://blog.signaturit.com/es/que-es-una-firma-digital

Norma ISO 27001. (2013). ISO 27002 punto por punto A9 Control de acceso - Caso Práctico. (s. f.-b). ISO 27001. https://normaiso27001.es/a9-control-de-acceso/

What is ISO 27001 and How To Get an ISO 27001 Certification. (s. f.). NQA Certification Body. https://www.nqa.com/es-pe/certification/standards/iso-27001

Margarita Labastida Roldán, José Luis Ruiz Islas & Fernando Saldaña Ramírez. (2019). SSGPP: Sistema de Semi-Automatización y Gestión de Prácticas profesionales. Iztatl Computación, 15, 48. https://ingenieria.uatx.mx/docs/RevistaIztatlComputacionNo15.pdf

Nica Latto. (2020). ¿Qué es la autenticación de doble factor (2FA)? ¿Por qué la necesita? Blog AVG Signal. https://www.avg.com/es/signal/what-is-two-factor-authentication

Junta de Andalucía. (2012). Control de Acceso y Autenticación. Marco de Desarrollo de la Junta de Andalucía. https://www.juntadeandalucia.es/servicios/madeja/contenido/subsistemas/desarrollo/control-acceso-y-autenticacion

Received: 2022-10-12
Accepted: 2022-12-03
Published: 2023-03-30
Contributor Roles
Robert Emmanuel Torres Correa: Edisson Alejandro Galvez Mori: Jorge Valdivia Valderrama: Alberto Carlos Mendoza de los Santos:
How to Cite
[1]
R. E. Torres Correa, E. A. Galvez Mori, J. Valdivia Valderrama, and A. C. Mendoza de los Santos, “Implementation of access controls for a professional practice management system”, Innov. softw., vol. 4, no. 1, pp. 37-51, Mar. 2023.
Issue
Vol 4 No 1 (2023): March - August
Section
Journal papers

Copyright (c) 2023 Innovation and Software

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The authors exclusively grant the right to publish their article to the Innovation and Software Journal, which may formally edit or modify the approved text to comply with their own editorial standards and with universal grammatical standards, prior to publication; Likewise, our journal may translate the approved manuscripts into as many languages as it deems necessary and disseminates them in several countries, always giving public recognition to the author or authors of the research.

Crossref
Scopus
Google Scholar
Europe PMC

Most read articles by the same author(s)

1 2 > >>