Analysis for the adoption of security standards to improve the management of securities in public organizations

Abstract

Public organizations have the ongoing task of properly managing the security of the information they handle. The objective of this research is to analyze the security standards adopted by public organizations in Ecuador to improve their management of information security. The deductive method was applied for the review and analysis of appropriate standards for public institutions. As a result, information was obtained on the different security policies, standards and guidelines that apply, national and international public organizations. A Diagram of activities for the adoption of standards for public organizations resulted; a prototype standards-based Information Security Management Model; and an Information Security Management Matrix, from which the Risk Mitigation Percentage was calculated. It was concluded that maintaining high levels of security in public organizations requires the adoption of control standards in different areas and the collaboration of the different organizational and hierarchical levels of public organizations.