Desarrollo de un sistema de gestión para la seguridad de la información basado en metodología de identificación y análisis de riesgo en bibliotecas universitarias

Abstract

The primary objective of this research study is to apply an information management system based on analysis methodology and risk identification for university library processes. The ISO/IEC 27001:2013 standard is adapted and applied by using the MARGERIT methodology to assess a university library. The results obtained from the intrinsic and effective risk calculations show the presence of safeguards and the evaluation of impacts. The percentage of influence in each risk by quality process is established, corrective measures are identified, and record formats are incorporated. It is concluded that incorporating the proposed formats to develop quality indicator controls and audits allow optimizing the information security management system (SGSI, in Spanish) of university library processes. (English) [ABSTRACT FROM AUTHOR]