• Implementation of ITIL-based change management for the company IT Expert

      Díaz Amaya, Edgar; Sotero Rejas, Juan Manuel; Vásquez Vidal, Daniel Alberto (Universidad Peruana de Ciencias Aplicadas (UPC), 2016-07-08)
      This project arises from the need of the IT Expert company to align its IT management practices with international standards that assure its customers that managed IT services follow globally accepted practices. The project is important because change management is a fundamental process within the lifecycle of most services offered in the IT services catalog of IT Expert; without a differentiated and well-defined treatment of changes, the Service Level Agreements cannot be fulfilled, which ends up generating dissatisfaction and distrust among the company's customers. The main objective of this project is to implement the ITIL change management process in IT Expert. To that end we follow, in parallel, the general guidelines of two methodologies: the Information System Lifecycle (developing deliverables of the Analysis, Design, Implementation and Operation phases) and Project Management (developing deliverables of the Inception, Planning, Implementation, Validation, Control and Closing phases). The final deliverables of the project allow IT Expert to operate the change management process as a whole from the perspective of ITIL. In addition, these deliverables comprise a new way of working (new process), new tools (change management software and process templates) and a commitment by the authorities of IT Expert and the School of Engineering and Computer Systems to offer a better service through controlled change management. The results show that, although the new process increases the time needed to provide the catalog services, this increase (justified by the activities of the change management process) gives greater control over the risk and impact of changes and therefore decreases the number of incidents due to poorly executed changes. Likewise, the information generated by the change management process is a fundamental knowledge asset for IT service management in IT Expert.
      Open access
    • Prevention and defense model against cyber attacks based on international security standards for It-Expert

      Díaz Amaya, Edgar; Guillinta Chavez, Oscar; Merino Rivera, José Luis (Universidad Peruana de Ciencias Aplicadas (UPC), 2016-08-01)
      PwC, in the Global Survey of Information Security 2014, shows that detected security incidents increased by 25% over the previous year and that the financial costs of incidents increased by 18%. It becomes clearer every day that organizations are more exposed to risks that could cause major economic losses and damage their corporate image among their clients. However, the current reality shows that companies are unaware of the benefits of investing in the protection of their technological resources; that is, they are exposed to attack every second because of their poor security scheme. Meanwhile, every day more computer criminals attack information systems, innovate techniques to make their work more efficient, and are just waiting for people or companies who are vulnerable. In response, to proactively protect organizations against a possible cyber attack, a security model is proposed that takes two approaches: defensive and preventive. The pillars of this model are two internationally recognized security standards: NIST SP 800-30 and NIST SP 800-115. The NIST 800-30 standard identifies the main risks to which an organization is exposed and defines strategies to lessen the impact of a possible threat. Although defining a scheme to manage risk can improve levels of protection, it is necessary to consider that every day thousands of vulnerabilities are discovered in information technologies, which are only waiting for a person who uses them for illegal purposes. To address this problem, the model uses the NIST 800-115 standard with programs that help to identify, analyze and rectify the major vulnerabilities of systems in real time and in an automated way. By integrating both standards, optimum security levels are achieved in an organization, based on proactive vulnerability management and mitigation of risk levels.
      Open access