Valoración y Plan de Tratamiento de Riesgos de Seguridad de la Información para los Procesos Incluidos en el Alcance del SGSI del Cliente TGE de la Empresa ASSURANCE CONTROLTECH

Abstract

In this present project of internship will find the implementation of the methodology of risk management of information security developed according to the needs of the client and the requirements for the implementation of an Information Security Management System under the norm NTC / ISO / IEC 27001: 2013, this was developed through six (6) phases that included the assessment of information security risks and that includes the activities of identification, analysis and evaluation of the same to finally carry out the definition of the plan Of risk management, taking as a frame of reference the principles and guidelines of the NTC / ISO 31000: 2009 Risk Management standard and the safety controls guide established in the standard for information security ISO / IEC 27002: 2013 Which gives the recommendations for the management of information security, was also carried out the inventory and classification of assets S of information that were handled in the processes with the objective of to implement security controls that allow to guarantee the fundamental principles of confidentiality, integrity and availability of the information.