Master's in Information Management and Security
Permanent URI for this collection: http://hdl.handle.net/11349/41903
Recent submissions

Item: Model for integrating the O-ESA enterprise security architecture with the implementation of CIS Controls
(Universidad Francisco Jose de Caldas) Jimenez León, William Humberto; Vanegas Ayala, Sebastian Camilo; Vanegas Ayala, Sebastian Camilo [0000-0002-8610-9765]
Organizational cybersecurity faces constant challenges due to the evolving nature of digital threats. In response, this project proposes strengthening the Open Enterprise Security Architecture (O-ESA) through its integration with the Center for Internet Security (CIS) Controls, which provide prioritized measures based on maturity levels. Through documentary analysis, theoretical mapping between O-ESA and CIS Controls, and cyber threat simulations, it was demonstrated that this integration enhances risk mitigation effectiveness by offering a more precise and adaptable framework for implementing security controls. The developed model not only facilitates the structured adoption of O-ESA but also optimizes its application by aligning its components with the CIS Controls, thereby strengthening the organization's security posture against emerging threats.

Item: Design of a cybersecurity model for financial institutions: identification, classification and protection of critical IFA (Internet Facing Applications) assets
(UNIVERSIDAD DISTRITAL FRANCISCO JOSÉ DE CALDAS) Loiza Moreno, Luz Adriana; Leguizamón Páez, Miguel Ángel; Leguizamón Páez Miguel Ángel [0000-0003-0457-0126]
This research revolves around developing a design for a cybersecurity best practices model primarily focused on protecting critical Information assets (IFAS) in financial institutions. Through methodological exploration, 4 phases are defined, which in their development seek to provide tools that strengthen the cybersecurity posture of financial entities against continuously evolving threats.
The research begins with an analysis of frameworks and standards such as ISO 27001, NIST SP 800-53, and COBIT 2019 that provide tools to identify and classify IFAS critical assets according to the CIA triad (Confidentiality, Integrity, Availability). Subsequently, it evaluates vulnerabilities and security gaps using NIST SP 800-30 risk assessment methodologies, complemented by red team exercises to assess the resilience of critical assets. The main contribution focuses on designing a protection model supported by the definition of technical and administrative controls which are aligned with international standards such as ISO 27001 Annex A and NIST CSF functions (Identify, Protect, Detect, Respond, Recover). This is done through proposed incident response guidelines based on NIST IR 8353 for scenarios such as ransomware attacks and data breaches. The final phase focuses on documenting the guidelines that, in the proposed exercises, support the continuous improvement of cybersecurity maturity in financial entities. This includes asset classification parameters, vulnerability management protocols, and general incident response procedures. The model allows measurement using the CMMI cybersecurity maturity model and the levels defined by NIST CSF, which provides entities with steps to follow toward the objective of continuous improvement of their cybersecurity capabilities and their general resilience against threats.

Item: Computer and information security, articulation and convergence in the financial sector and online banking
Guzman Parra, Danilo Antonio; Navarro Mejía, Wilman Enrique; Navarro Mejía, Wilman Enrique [0000-0002-8796-7761]
Computer and information security for the financial and banking sector is the topic addressed in this study. The banking sector is experiencing rapid changes, and the state of security and its frameworks vary both technically and from a regulatory perspective.
Therefore, we explore several technical methods and three standards that must be considered in the online financial and banking world, enabling these organizations to provide services with accepted levels of trust and security for their clients. We classify the technical methods into four sections, which are by no means definitive or exclusive but represent the most up-to-date approaches available. Additionally, we provide a characterization of new complementary security technologies, such as federated cloud systems and their key components.

Item: Computer security model for the assessment of biomedical devices
Herrera Melo, Carlos Fabian; Gomez Mora, Miller; 0000-0002-4310-8893
The present thesis proposes a Computer Security Model designed specifically for the assessment of biomedical devices. In a context where interconnection and digitization in the healthcare sector are increasingly common, the security of biomedical devices becomes a critical concern that must be addressed following industry best practices. This model is based on an integrative approach that combines information security principles with specific requirements of medical devices, addressing both technological and regulatory aspects. The research employed a qualitative methodological approach that included literature review, data collection, data analysis, and assessment of cybersecurity risks. The results highlight the importance of implementing proactive and specific measures to mitigate risks and ensure the confidentiality of information in biomedical devices, thereby safeguarding patient privacy.
This model not only provides a practical guide for institutions needing guidelines in their biomedical equipment procurement processes but also contributes to advancing knowledge in the field of computer security in biomedical devices in Colombia.

Item: Model for PCI DSS compliance in web payment interfaces on cloud computing
Diaz Serrano, Camilo Andres; Leguizamón Páez, Miguel Ángel; 0000-0003-0457-0126
This research explores the integration of the prioritized approach to PCI DSS compliance with the practices defined in the OWASP DevSecOps Maturity Model (DSOMM). For this purpose, a continuous compliance model is proposed that relates the PCI DSS requirements that would be applicable to a web payment interface on cloud computing with the DevSecOps phases. In this way, compliance efforts are focused on the entire life cycle of the software development in specific parts, thus guaranteeing that PCI DSS compliance occurs in all phases where applicable and occurs continuously. In the proposed model, in addition to establishing the integration between the prioritized approach of PCI DSS and DevSecOps, the standard of compliance evidence will also be established for each of the DevSecOps phases, along with the processes and procedures for the delivery and review of the evidence.
For the final validation of the proposed model, it was qualitatively compared against the implementation of the prioritized approach to PCI DSS compliance without integration with DevSecOps or compliance evidence standard or defined processes or procedures for the delivery and review of evidence, with the result that the proposed model provides the robust cybersecurity expected by achieving compliance through: equitable distribution of all compliance efforts applicable to all phases of DevSecOps, consolidation of a better compliance program compared to the application of the prioritized approach of PCI DSS alone, the correct segregation of roles in compliance that allows the unification of joint compliance efforts, and the reduction of human error in compliance since the orientation towards DevSecOps provides automations.

Item: Security incident management model at the High-Performance Computing Center (CECAD)
Acosta Peña, Diana; Gaona García, Elvis Eduardo; Rodríguez Guerrero, Rocio; https://orcid.org/0000-0001-5431-8776
This document describes the information security incident management model at the High-Performance Computing Center of the Francisco José de Caldas District University “CECAD”. High-performance computing centers (HPC) are an infrastructure that houses equipment with large storage capacities, processing and high-power computing systems, designed to perform complex calculations and process large volumes of data at high speeds (Kara Ilker and Aydos Murat 2022). In that regard, the High Performance Computing Center of the Francisco José de Caldas District University “CECAD” is a laboratory whose objective is to promote research and the transfer of knowledge in the areas of engineering, technology, natural sciences, and social sciences.
To mitigate the effects of possible information security events or intrusions, it was proposed to define a management model for security incidents, based on the formulation of policies and adoption of norms and standards, for which the research methodology was applied in phases. Finally, the model was defined, which allowed observing the behavior of the model when applied in a simulation in a controlled environment.