Proposal of an information security plan to increase the reliability of data in a financial company

Keywords: Data, Management, Information, ISO/IEC 27002, Plan, SGSI

Abstract

The main function of the financial institution is to offer its services for the placement of cards, loans, etc., to the clients who request them at its different establishments. It was identified that some activities in the bank lead staff to mishandle customer information, which causes claims from customers over inconsistent data and results in the disaffiliation of their services. For this reason, a proposal for an information security plan was developed for the processes and areas of Ripley bank, with the objective of increasing the reliability of its data and achieving the three principles of an ISMS: availability, integrity and confidentiality. To achieve this objective, the ISO/IEC 27001 and 27002 standards were selected to apply the controls of the proposed information security plan at Ripley bank, with the responsible parties and the information handled in each process and area clearly established. As a result, the scope of the plan was defined, along with the policies and the risk management analysis; priority was given to the management of information by area; the bank's assets were analyzed where the reliability of the data is guaranteed; and the plan was then defined applying the controls of ISO/IEC 27002. It was concluded that indicators should be defined to evaluate the proposed information security plan for increasing the reliability of its data.



Received: 2021-05-12
Accepted: 2021-06-24
Published: 2021-09-30
How to Cite
[1]
W. A. Apaza Chávez, “Proposal of an information security plan to increase the reliability of data in a financial company”, Innov. softw., vol. 2, no. 2, pp. 27-43, Sep. 2021.
Section
Journal papers