Implementación de un modelo de la seguridad de la información basados en ITIL v3 para una Pyme de TI

Abstract

The purpose of this project is to propose a model for the Management of Information Security by applying ITIL v3, to be implemented in the Small and Medium Enterprises, as in any organization is necessary to minimize the risks and threats that arise. To achieve this, it is essential to have adequate safety management to ensure business continuity. In this situation, the Project Management Information Security for Small Business IT, which has the following phases, arises: The relevant research in the corresponding information security under ITIL V3, which is the framework that is used during the development of the project. The research covers process groups that are applicable for small and medium enterprises. In addition, analysis of the current state of an SME IT in order to model and implement processes Management Information Security based on ITIL V3 applicable to these businesses was obtained. It should be noted that ITIL V3 and best practices are applicable to any organization of different economic activity. In the second phase of the project, a pilot was deployed in a free software tool which supports the processes, controls that are defined for the company. To implement taken to the virtual company UPC: IT-Expert and IT services it manages as part of its processes. Finally, the project aims to define the management processes of information security in SMEs based IT ITIL V3. In the case of the virtual enterprise: IT-Expert by the management model of information security developed, the standard of quality and operability of IT services within the company improved.