
Information security policies in the Technological Institute of the Guadiana Valley


Anonim

Introduction

The broad development of new information technologies is opening a new field of action for antisocial and criminal behavior, which manifests in ways previously impossible to imagine and makes it possible to commit crimes against institutions and organizations. Traditional crimes continue to be committed, but the way they are carried out is no longer traditional, and they increasingly involve information technologies. Information security requires a set of methodologies, practices and procedures that seek to protect information, equipment and their environment, in order to minimize the threats and continuous risks to which they are exposed and to ensure continuity of the IT processes that the organization carries out.

The objective of this paper is to point out the relevance of the strengths that the Technological Institute of the Guadiana Valley has in terms of security policies and to determine which variables frequently affect the areas considered critical.

Materials and methods

The study was carried out by applying a survey to those in charge of the different areas of the ITVG, in order to obtain information about the security that prevails in the Institution. A physical visit was also made to verify the means available to secure equipment, safeguard operating systems, and protect information. The evaluation instrument was a written survey with its corresponding answer sheet, which investigated the security policies that prevail in the Technological Institute of the Guadiana Valley. It was applied to those responsible for the computer center as well as to those responsible for the Institution's information systems. To verify the information, an observation visit was made to the physical facilities; the results were analyzed and recorded in a document in order to make a judgment about the security that prevails in these offices or agencies. The measurement instrument consisted of 92 questions and/or queries and covers the most important aspects of the ISO/IEC 17799 standard.

Results and Discussion

This part concentrates the analysis of the data obtained from the survey applied at the Institute. The survey was based on ten aspects such as: security policies, organizational aspects for security, classification and control of assets, security linked to personnel, physical and environmental security, communications and operations management, access control, systems development and maintenance, information security incident management, business continuity management and legal compliance. In the analysis of the questionnaire, each security aspect is examined separately and graphs of each are shown. For the data analysis, results were obtained for all aspects of the Information Security Good Practices Guide (taken in part from ISO/IEC 17799). With the information evaluated, the next step is to issue a result that shows the evidence needed to know whether it is in accordance with the instrument applied.

Figure 1 shows only the aspect concerning the Organizational Aspects of Security, for which eight questions/queries were made. Figure 2 shows Security Linked to Personnel; in this section ten questions/queries were made. It should be noted that only two of the ten aspects are shown, and that they belong to the quality standard (ISO/IEC 17799 standard).

Figure 1. Diagram: Organizational Aspects for Safety


Figure 2. Diagram: Security Linked to Personnel


Conclusions

The results show the following. Regarding security policies, the Institute has managers and there is a commitment on the part of the directors, but there is no document that regulates the security aspects of the entire institution. Regarding the organizational aspects of security, there is no security committee made up of all areas of the Institution, but the aspect is fulfilled because the Institute assigns responsibilities to each public servant and has advice from the system's own bodies. Asset classification and control is fully fulfilled, because the Institution issues safekeeping vouchers to each department and office. With regard to security related to personnel, there is no disciplinary procedure to further control incidents. Regarding physical and environmental security, there is a perimeter fence and the main door is controlled by private security personnel, but there is no underground fiber optic cabling. With regard to access control, access to information services is not controlled through a registration process with a unique identifier for each user; such a process binds users and holds them responsible for their actions. For new information systems, managers should ensure that the requirements and acceptance criteria for new systems are clearly defined, agreed, documented, and tested.
