Dynamic Cybersecurity Model based on ISO standards for Higher Education Institutions in Colombia
Introduction: This article is the result of a research process whose product was to generate a guide for Higher Education Institutions (in Spanish, IES) to adopt a Cybersecurity Model based on ISO standards (International Organization for Standardization).
Problem: IES do not have a cybersecurity model aligned to the ISO / IEC 27032: 2012 standard (International Organization for Standardization / International Electrotechnical Commission), which causes a lack of clarity and uncertainty in the level of maturity and low efficiency in processes and information security controls to be implemented.
Objective: Propose a dynamic model of cybersecurity based on ISO standards for IES.
Methodology: The development of this work was oriented under a line of applied research, by virtue of the fact that it was necessary to address the problem based on previous knowledge that allowed supporting the theoretical contributions and the activities proposed to determine the possible causes of the problem and give it a possible solution.
Results: The generation of this dynamic model allows it to be adapted to the different needs and requirements of IES.
Conclusion: IES can implement a cybersecurity model to prevent and protect information at the cyberspace level.
Originality: The work carried out generates a great contribution, which is the generation of a dynamic cybersecurity model, since at present there are no specific models for IES.
Limitations: The model implementation guide is established in a general way to be applied later to an organization in any sector.
How to Cite
License
Copyright (c) 2021 Ingeniería Solidaria
This work is licensed under a Creative Commons Attribution 4.0 International License.
Cession of rights and ethical commitment
As the author of the article, I declare that is an original unpublished work exclusively created by me, that it has not been submitted for simultaneous evaluation by another publication and that there is no impediment of any kind for concession of the rights provided for in this contract.
In this sense, I am committed to await the result of the evaluation by the journal Ingeniería Solidaría before considering its submission to another medium; in case the response by that publication is positive, additionally, I am committed to respond for any action involving claims, plagiarism or any other kind of claim that could be made by third parties.
At the same time, as the author or co-author, I declare that I am completely in agreement with the conditions presented in this work and that I cede all patrimonial rights, in other words, regarding reproduction, public communication, distribution, dissemination, transformation, making it available and all forms of exploitation of the work using any medium or procedure, during the term of the legal protection of the work and in every country in the world, to the Universidad Cooperativa de Colombia Press.
F. Carrera Villacrés, L. Vernaza Quiñónez, F. Quiroz Ponce, K. Solís Charcopa, and E. Vicente da Silva, “Cybersecurity in the information systems of universities,” Science Domain, vol. 3, no. 3, pp. 689–713, 2017. doi: 10.23857/dc.v3i3.
C.C. Police, “Colombia Cybercrime Trends 2019-2020,” 2019.
R. Sabillón, J.J.C.M., “Audits in Cybersecurity: A model of general application for compa-nies and nations,” RISTI - Rev. Ibérica Sist. e Tecnol. Information, no. 32, pp. 33–48, 2019. doi: 10.17013risti.32.33-48.
J.J. Santacruz Espinoza, C.R. Vega Abad, L.F. Pinos Castillo, O.E. Cárdenas Villavicencio, “Cobit system in computer systems auditing processes,” vol. 2, no. 8, pp. 65–68, 2017.
J. Morales, N. Zambrano, J. Mera, M. Zambrano, “Cybersecurity and its application in Higher Education Institutions,” RISTI - Rev. Iber. Syst. e Tecnol. Inf., pp. 438–448, 2019.
S. Consulting, “Implementing the ISO 27032: 2012 Standard,” 2019.
B. José, R. Montealegre, “Measurement of Cybersecurity maturity in Colombian MSMEs,” 2016.
C. Tarazona, “Computer Threats and Information Security,” Information Security Consultant, Etek Internacional.pp. 137–146, 2015.
S. Ontoria, “Government and modeling of information security in organizations,” Universidad Carlos III Madrid, 2011.
A. Valoyes Mosquera, “Cybersecurity in Colombia,” Univ. Pilo, p. 12, 2019.
J. Burgos Salazar, P.G. Campos, “Model for information security in IT,” CEUR Workshop Proc., vol. 488, pp. 234–253, 2009.
R. Hernández Sampieri, C.P. Mendoza Torres, “The Quantitative, Qualitative and Mixed Routes Research Methodology,” McGraw-Hill Interam., p. 713, 2018.
SL Guzmán Solano, “Guide for the implementation of the ISO 27032 Standard,” Universidad Catolica de Colombia, 2019.
ICONTEC, GTC-ISO / IEC 27032. 2020, p. 69.
ID Advisors, “Quick guide to ISO 20000-1: 2018 Service Management System application,” 2018. [Online]. Available: https://www.intedya.com/productos/GUIAISO20000.pdf.
J.S. Acosta, “Design of a security policy model for a server,” Universidad Cooperativa de Colombia, 2018.
AENOR, “Information Technology Security Techniques Code of Practice for Information Security Controls ISO 27002,” pp. 1–118, 2015.
AENOR, “ISO / IEC / IEEE 29119 The new international standard for software testing,” 2014. [Online]. Available: https://in2test.lsi.uniovi.es/gt26/presentations/ISO29119-Presentacion-GT26-20140618.pdf.
AENOR, “Information Technology Software Asset Management (SAM),” pp. 1–3, 2008.
E. Cajibal, “Vulnerability and social resilience to floods derived from tropical cyclones in three municipalities of Veracruz. A study with high school teachers,” no. October, p. 295, 2018.
J. J. Palacios Rozo, H. E. Palacio Velásquez, R. González Silva, “Educación versus tecnología y su convergencia hacia la IA,” Revista vínculos, vol. 15, no. 2, pp. 186–194, nov. 2018. https://doi.org/10.14483/2322939X.14114
R. E. Valero Vargas, J. J. Palacios Rozo, y R. González Silva, “Tecnologías de la Información y la Comunicación y los Objetos Virtuales de Aprendizaje: un apoyo a la presencialidad,” Revista vínculos, vol. 16, no. 1, pp. 82–91, jun. 2019. https://doi.org/10.14483/2322939X.15537
M. J. Hernandez Mediná, C. C. Pinzón Hernández, D. O. Díaz López, J. C. Garcia Ruiz, y R. A. Pinto Rico, “Open source intelligence (OSINT) in a colombian context and sentiment análisis”, Revista vínculos, vol. 15, no. 2, pp. 195–214, nov. 2018. https://doi.org/10.14483/2322939X.13504
C. Ruiz, “Interinstitutional Program Doctorate in Education.,” J. Chem. Inf. Model., vol. 53, no. 9, pp. 1689-1699, 2017.
J. C. Najar Pacheco, “Exposición del activo más valioso de la organización, la ́información ́”, Visión Electrónica, vol. 11, no. 1, pp. 107-115, 2017. https://doi.org/10.14483/22484728.12345
C. H. Caicedo, A. Smida, “Intensidad informacional para la longitudinalidad asistencial en sistemas de salud,” Visión electrónica, vol. 10, no. 1, pp. 83-95, jun. 2016. https://doi.org/10.14483/22484728.11612
J. F. Herrera-Cubides, P. A. Gaona-García, C. E. Montenegro-Marín, S. Sánchez-Alonso, y D. Martin-Moncunill, “Abstraction of linked data’s world,” Visión electrónica, vol. 13, no. 1, pp. 57-74, feb. 2019. https://doi.org/10.14483/22484728.14397
J. P. Ortiz Quevedo, R. Nuñez Uribe, “Percepciones docentes de las didácticas en el entorno virtual,” Conocimiento Global, vol. 4, no. 1, pp. 67-78. 2019. [Online]. Available: https://cono-cimientoglobal.org /revista/index.php/cglobal/article/view/35
F. Agredo Satizábal, “Impacto de las TIC en la competitividad empresarial soportada por un modelo de educación digital,” Enfoque Disciplinario, vol. 4, no. 1, pp. 37-50. 2019. http://enfo-quedisciplinario.org/revista/index.php/enfoque/article/view/20
A. F. Castro Alfaro. “El coaching como puntos de fortalecimiento del profesionalismo del do-cente,” Enfoque Disciplinario, vol. 2, no. 1, pp. 15-22. 2017. [Online]. Available: http://enfoque-disciplinario.org /revista/index.php/enfoque/article/view/14
