Auditoría informática de la seguridad de la información bajo las normas ISO/IEC 17799, en la Red de Estructura de Finanzas Populares y Solidarias de Chimborazo (REFICH), período 2012

Abstract

In the presented thesis has been carried out an Audit of the Computing Security of the information under the rules ISO/IEC 17799, in the Network Structure of Popular and Solidarity Finances of Chimborazo, with the purpose of showing the existing vulnerabilities in the Security of the Information in Control and Monitoring Department of the same entity is reflected after doing the Strengths Weaknesses Opportunities and Threats (SWOT) analysis and evaluating the level of internal control through the questionnaires applied in each of the parameters indicating the standard ISO/IEC 17799, these being the most prominent of the Security Personnel, Communication and Operations Management, Access Control and Business Continuity. The finding identified were that the entity does not have confidentiality agreements in contracts, which the seatbacks of the information is not done in a timely manner, which is easy access to key, and that has not been considered a plan to continuous improvement of business. Performing the respective recommendations in the Audit Report to the Executive Director of the Network Structure of Popular and Solidarity Finances of Chimborazo, which contribute to the improvement of the processes of information management at the entity.