Tool for computer security audit

Authors

  • Laritza González Miranda Empresa de Soluciones Informáticas DESOFT - Pinar del Río
  • Raidel Rodríguez Romeu Universidad de Pinar del Río Hermanos Saíz Montes de Oca
  • Rigoberto Samuel Rodríguez Romeu Centro Provincial de Medicina Deportiva de Pinar del Río

Keywords:

computer security audits, cybersecurity, methodological guide, computer security, computer security management systems

Abstract

Computer security has become a fundamental pillar in our country, since the State counts the computerization of Cuban society among its prioritized activities, with cybersecurity guaranteed efficiently and effectively. For this reason, the legal basis has been updated with the approval of new Decree-Laws that will govern these processes. However, a framework is still needed that standardizes computer security audits based on what is legislated. Cuba does not have a specific standard for computer security or for carrying out audits related to it; there are only decree-laws, resolutions and the methodology for the Computer Security Management System prepared by the Office of Security for Computer Networks. This research aims to develop software that standardizes the computer security audit process in the country, taking as a reference what is stipulated internationally and contextualizing it to the Cuban reality, supported by current legislation. The research is descriptive, and Scrum was used as a framework, specifically the Scrum Guide 2020 version. The results are both methodological and practical contributions: the first is the elaboration of a guide for carrying out computer security audits, and the second is the design and implementation of software that automates the process and provides feedback to users.

Published

2022-12-31

How to Cite

González Miranda, L., Rodríguez Romeu, R., & Rodríguez Romeu, R. S. (2022). Tool for computer security audit. Revista Cubana De Transformación Digital, 3(3), e181. Retrieved from https://rctd.uic.cu/rctd/article/view/181

Section

Original paper