Implementación de un modelo de la seguridad de la información basados en ITIL v3 para una Pyme de TI
Name:
Memoria_ITILGSI_TITULACION_VFi ...
Embargo:
2086-03-01
Size:
2.148Mb
Format:
Microsoft Word 2007
Issue Date
2016-03-01Keywords
Seguridad de la informaciónSistemas de información administrativa
Tecnología de la información
Pequeñas y medianas empresas
Ingeniería de Sistemas de Información
Metadata
Show full item recordAbstract
The purpose of this project is to propose a model for the Management of Information Security by applying ITIL v3, to be implemented in the Small and Medium Enterprises, as in any organization is necessary to minimize the risks and threats that arise. To achieve this, it is essential to have adequate safety management to ensure business continuity. In this situation, the Project Management Information Security for Small Business IT, which has the following phases, arises: The relevant research in the corresponding information security under ITIL V3, which is the framework that is used during the development of the project. The research covers process groups that are applicable for small and medium enterprises. In addition, analysis of the current state of an SME IT in order to model and implement processes Management Information Security based on ITIL V3 applicable to these businesses was obtained. It should be noted that ITIL V3 and best practices are applicable to any organization of different economic activity. In the second phase of the project, a pilot was deployed in a free software tool which supports the processes, controls that are defined for the company. To implement taken to the virtual company UPC: IT-Expert and IT services it manages as part of its processes. Finally, the project aims to define the management processes of information security in SMEs based IT ITIL V3. In the case of the virtual enterprise: IT-Expert by the management model of information security developed, the standard of quality and operability of IT services within the company improved.Type
info:eu-repo/semantics/bachelorThesisRights
info:eu-repo/semantics/openAccessLanguage
spaCollections
Related items
Showing items related by title, author, creator and subject.
-
Implementación de la gestión de configuración para la empresa virtual It Expert basado en Itil V3(Universidad Peruana de Ciencias Aplicadas (UPC), 2016-10-01)The IT Expert Company lacks an optimal process configuration that meets the needs of the company and with the control of the life-cycle of IT assets. For this reason, the project Implementation of Configuration Management for the company IT Expert based on ITIL v3, aims to optimize the configuration process existing in the company, also to plan and control adequately the needs of configuration. In this way, it ensures the availability of all the services provided by the company, so the project is responsible for minimizing the risks with the proposal of a new design processes and a new model data that allows to manage optimally and aligned to good practices in the configurations of the assets of the company. The lack of a proper management of the configuration may have as a result services are vulnerable or not aligned to the needs of the enterprise, causing the breakdown of these. For a proper configuration management and in order to benefit the business, there are good practices that help optimize the configuration process, such as is the case with ITIL v3. ITIL provides a set of good practices to follow and implement, a CMBD that supports the rapid and integrated response of all components of the infrastructure of the company. To follow these good practices, the organization could be more efficient and agile with respect to the configurations that are required to implement in the company. To apply the guide to good practices recommended by ITIL v3, in the process of configuration management, it is necessary to redesign the procedures AS-IS configuration of the IT Expert Company. In addition, the completion of the documentation and processes is an important aspect for keeping the balance between the execution of the configuration and delivery of the service, in order not to affect the users. When the configuration process of ITIL is running interacts with other processes, which are part of this guide of good practices, such as; change management, problem management and incident management. All the processes mentioned above are part of a good configuration management for IT services, as they help to support and ensure the quality of all the services.Acceso abierto
-
Implementación del modelo de gestión de continuidad de servicios ti basado en Itil v3(Universidad Peruana de Ciencias Aplicadas (UPC), 2017-12-01)The main objective of the project is to implement a IT Service Continuity Management model, based on good practices of ITIL V3, in the IT Expert company. The proposed model helps the company to recover the continuity of its IT services in the event of a disaster that affects their continuity. For the development of the project, an investigation was carried out on the management of IT services using as a guide the good practices detailed in ITIL V3 and its numerous success stories around the world. As well as, the use of SCAMPI-C to take control of the numerous work products elaborated in the model implemented. In the first part of the project, the information gathering and elaboration of the processes that IT Expert manages to offer its services to the projects of the other virtual companies is carried out. In addition, all the business analysis is made it use the good practices of ITIL for the realization of the assets of Continuity Management. In the second part of the project, the continuity management model is implemented along with the development of the indicators and pilot tests of the disaster recovery plans are carried out; for these tests, controlled simulations of disasters were carried out. For this project, the following deliverables are considered: a continuity management model for IT services based on the services provided by IT Expert and an article on its implementation.Acceso abierto
-
Propuesta de implementación de un sistema de gestión de seguridad de la información para un Centro de Operaciones de Red basado en la Norma ISO/IEC27001:2013(Universidad Peruana de Ciencias Aplicadas (UPC), 2016-10-01)Presenta desde un enfoque descriptivo la seguridad de información de los activos de los procesos de gestión de incidentes y gestión de cambios del centro de operaciones de red de la empresa con la finalidad de preservar la disponibilidad, integridad y confidencialidad de la información de la misma. Los sistemas de gestión y de información forman parte importante de los procesos productivos y operativos de las empresas, además de ser los factores que determinan la vigencia y competitividad de los mismos, en tal sentido se realiza una evaluación de los principales procesos del centro de operaciones de red de la empresa en la que se centra esta tesis. En el capítulo I, se presenta el marco teórico en el que se describe información relacionada a seguridad de la información. En el capítulo II, se realiza la evaluación y análisis de la problemática actual de la empresa con respecto a seguridad de la información y principalmente del centro de operaciones de red que soporta gran parte de los procesos operativos, mientras que en capitulo III se presenta la propuesta de implementación de un sistema de gestión de seguridad de la información basada en la norma internacional ISO/IEC 27001:2013, que describe cómo gestionar la seguridad de la información. Como punto de partida, se realiza un análisis GAP con el que se identifica que la empresa no tiene procedimientos o controles para mitigar los riesgos de seguridad de la información inherentes al volumen de información operacional actual, lo que ha conllevado a la empresa a tener pérdidas económicas y de imagen debido al pago de penalidades por incumplimientos de los niveles de acuerdo de servicios, pérdida de clientes que no renovaron contrato por insatisfacción del servicio y pérdida de oportunidades de participación en el mercado local debido a que los clientes solicitan como requisito a las empresas proveedoras de servicios de TI contar con la certificación ISO/IEC 27001:2013. Además, se ha realizado un análisis económico del proyecto que contiene costos y tiempo estimado de retorno de la inversión, en el que se observa que la inversión es recuperada en corto tiempo si la empresa decide implementar su sistema de gestión de seguridad de la información.Acceso restringido temporalmente
