Modelo de Ciberseguridad para la Universidad de Cartagena
Fecha
2020
Autores
Pérez González, José David
Título de la revista
ISSN de la revista
Título del volumen
Editor
Ediciones Universidad Simón Bolívar
Facultad de Ingenierías
Facultad de Ingenierías
Resumen
El avance de las nuevas tecnologías ha traído consigo nuevos retos en materia de
seguridad, es importante que se mantengan los principios de confidencialidad,
integridad y disponibilidad para mantener los procesos en la organización, una cosa
es clara y es que algunas características comunes, entre ellas el que no es
necesario tener recursos para cometer ciertos delitos; la posibilidad de anonimato
que ofrece internet y la dificultad técnica que requiere rastrear un ataque ha hecho
que estas modalidades sean atractivas. Con la revisión de la literatura y desde la
perspectiva de diferentes estudio se determinó que es fundamental mantener la
confidencialidad, la integridad, la disponibilidad y la usabilidad autorizada de la
información cobra especial relevancia y plantea la necesidad de disponer de
profesionales idóneos y capaces de asegurar, gestionar y mantener la seguridad de
los datos en sus sistemas ante amenazas presentes y futuras. De igual manera
existen estándares que sirven como modelos referentes para hacer frente a las
nuevas exigencias de las tecnologías en cuanto a seguridad, un modelo de
seguridad sirve como apoyo para lograr mitigar las amenazas y vulnerabilidades. El
objetivo de esta investigación radico en proponer un modelo de seguridad
informática para mitigar posibles ataques cibernéticos en los sistemas de
información de la Universidad de Cartagena UdeC. Se optó por hacer uso de la
investigación en sitio. El modelo de investigación utilizado fue el sistémico
estructural y a su vez un enfoque holístico en investigación que surge como
respuesta a la necesidad integradora delos diversos enfoques, métodos y técnicas,
inicialmente se acudió a las técnicas de observaciones (recolección de datos) que
permitan formar una idea sólida del estudio de la investigación que se está
planteando, de allí la necesidad de utilizar la técnica de clasificación que permitió
agrupar las políticas que mejor se amolden a nuestros objetivos y por último la
técnica de definiciones, ésta no proporcionara las estructuras finales de nuestro
objetivo principal. Con el diagnóstico realizado en la UdeC, se logra obtener una
perspectiva o evaluación de cómo estaban funcionando los procesos relacionados
con las tecnologías de la información y la seguridad de la información, permitiendo
tomar decisiones para el desarrollo de la investigación, al comprender desde el
reconocimiento, análisis y evaluación, las tendencias de uso de la red y de esa
manera solucionar un problema o remediar una dificultad. De igual manera
determinar cuáles son los puntos fuertes y los puntos débiles y comprender con que
elementos se contaba y las posibles vulnerabilidades a las que se podría estar
expuesto. Se definen teóricamente las categorías seleccionadas evidenciando la
importancia que tienen los estándares escogidos, en ese sentido COBIT 5, NIST y la
ISO 27002 en conjunto con los cuales se permiten mantener niveles óptimos de
confidencialidad, integridad y disponibilidad de la información debido a su
complementariedad. El modelo permite evidenciar que las categorías escogidas se
complementan de tal manera que brindan las herramientas necesarias para mitigar
y/o contrarrestar vulnerabilidades y amenazas, debido a que, con ellas, se encuentra
un apoyo en el uso de las normativas al comprender que herramienta o estrategia
usar para cada caso en específico, teniendo en cuenta cada fase presente dentro de
una posible materialización de algún ataque.
The advance of new technologies has brought with it new challenges in terms of security, it is important that the principles of confidentiality, integrity and availability are maintained in order to maintain the processes in the organization. One thing is clear and that is that some common characteristics, among them the fact that it is not necessary to have resources to commit certain crimes; the possibility of anonymity offered by the Internet and the technical difficulty required to track an attack has made these modalities attractive. With the review of the literature and from the perspective of different studies, it was determined that it is fundamental to maintain the confidentiality, integrity, availability and authorized usability of the information, which takes on special relevance and raises the need for suitable professionals capable of ensuring, managing and maintaining the security of the data in their systems in the face of present and future threats. Similarly, there are standards that serve as reference models to meet the new demands of technologies in terms of security, a security model serves as a support to mitigate threats and vulnerabilities. The objective of this research is to propose a model of computer security to mitigate possible cyber attacks on information systems at the University of Cartagena UdeC. It was decided to make use of on-site research. The research model used was the structural systemic one and at the same time a holistic approach in research that emerges as a response to the need to integrate the various approaches, methods and techniques. Initially, we resorted to observation techniques (data collection) that allow us to form a solid idea of the study of the research that is being proposed, hence the need to use the classification technique that allowed us to group the policies that best fit our objectives and finally the technique of definitions, which will not provide the final structures of our main objective. With the diagnosis carried out at the UdeC, it is possible to obtain a perspective or evaluation of how the processes related to information technologies and information security were working, allowing decisions to be made for the development of the research, by understanding from the recognition, analysis and evaluation, the trends in the use of the network and thus solve a problem or remedy a difficulty. Likewise, determining the strengths and weaknesses and understanding what elements were available and the possible vulnerabilities to which one could be exposed. The selected categories are theoretically defined, highlighting the importance of the standards chosen, such as COBIT 5, NIST and ISO 27002, which together allow optimal levels of confidentiality, integrity and availability of information due to their complementarity. The model shows that the selected categories complement each other in such a way that they provide the necessary tools to mitigate and/or counteract vulnerabilities and threats, since they support the use of regulations by understanding which tool or strategy to use in each specific case, taking into account each phase of a possible attack.
The advance of new technologies has brought with it new challenges in terms of security, it is important that the principles of confidentiality, integrity and availability are maintained in order to maintain the processes in the organization. One thing is clear and that is that some common characteristics, among them the fact that it is not necessary to have resources to commit certain crimes; the possibility of anonymity offered by the Internet and the technical difficulty required to track an attack has made these modalities attractive. With the review of the literature and from the perspective of different studies, it was determined that it is fundamental to maintain the confidentiality, integrity, availability and authorized usability of the information, which takes on special relevance and raises the need for suitable professionals capable of ensuring, managing and maintaining the security of the data in their systems in the face of present and future threats. Similarly, there are standards that serve as reference models to meet the new demands of technologies in terms of security, a security model serves as a support to mitigate threats and vulnerabilities. The objective of this research is to propose a model of computer security to mitigate possible cyber attacks on information systems at the University of Cartagena UdeC. It was decided to make use of on-site research. The research model used was the structural systemic one and at the same time a holistic approach in research that emerges as a response to the need to integrate the various approaches, methods and techniques. Initially, we resorted to observation techniques (data collection) that allow us to form a solid idea of the study of the research that is being proposed, hence the need to use the classification technique that allowed us to group the policies that best fit our objectives and finally the technique of definitions, which will not provide the final structures of our main objective. With the diagnosis carried out at the UdeC, it is possible to obtain a perspective or evaluation of how the processes related to information technologies and information security were working, allowing decisions to be made for the development of the research, by understanding from the recognition, analysis and evaluation, the trends in the use of the network and thus solve a problem or remedy a difficulty. Likewise, determining the strengths and weaknesses and understanding what elements were available and the possible vulnerabilities to which one could be exposed. The selected categories are theoretically defined, highlighting the importance of the standards chosen, such as COBIT 5, NIST and ISO 27002, which together allow optimal levels of confidentiality, integrity and availability of information due to their complementarity. The model shows that the selected categories complement each other in such a way that they provide the necessary tools to mitigate and/or counteract vulnerabilities and threats, since they support the use of regulations by understanding which tool or strategy to use in each specific case, taking into account each phase of a possible attack.
Descripción
Palabras clave
Ciberseguridad, Vulnerabilidades, COBIT 5, NIST, ISO 27002, Buenas prácticas, Cybersecurity, Vulnerabilities, Good practices
