• Modelo de prevención y defensa contra ataques cibernéticos basado en estandares de seguridad internacionales para It-Expert

      Díaz Amaya, Edgar; Guillinta Chavez, Oscar; Merino Rivera, José Luis (Universidad Peruana de Ciencias Aplicadas (UPC), 2016-08-01)
      PwC , in the Global Survey of Information Security 2014, shows that detected security incidents have increased by 25% over the previous year and the financial costs of incidents have increased 18% . Every day is clear that organizations are more exposed to risks that could pose major economic losses and loss of corporate image to their clients. However, the current reality shows that companies are unaware of the benefits of investing in the protection of their technological resources; that is, they are exposed every second to be attacked because of their poor security scheme. Meanwhile, every day more computer criminals attack information systems, innovate techniques to make their work more efficient, and are just waiting for people or companies who are vulnerable. In response, to proactively protect organizations of a possible cyber attack, a security model that takes two approaches is proposed: defensive and preventive. The pillars of this model are concentrated in two security standards internationally recognized: NIST SP 800-30 and NIST SP 800-115. NIST 800-30 standard identifies the main risks to which an organization is exposed and define strategies to lessen the impact of a possible threat. Although the definition of a scheme to manage risk can improve levels of protection, it is necessary to consider that every day thousands of vulnerabilities are discovered in information technologies, which are only waiting for a person who uses them for illegal purposes. To address this problem, the model uses the standard NIST 800-115 with programs that help to identify, analyze and rectify the major vulnerabilities of systems in real time and automated. By integrating both standards, optimum safety levels are achieved in an organization, based on proactive vulnerability management and mitigation of risk levels.
      Acceso abierto