Propuesta de creación de Centros de respuesta a incidentes de Seguridad informática como estrategia de Cyberseguridad para medios de pagos digitales
Fecha
2022-06
Autores
Título de la revista
ISSN de la revista
Título del volumen
Editor
Universidad de Guayaquil - Facultad de Ciencias Matemáticas y Físicas - Carrera de Ingeniería Civil
Resumen
El presente trabajo tipo como objetivo diseñar un Centro de Respuesta a Incidentes de Seguridad Informática para la comunidad finanzas en el Ecuador. Por ello se realizó una investigación de que centros se encuentran creados en el Ecuador y como se encuentran constituidos, los modelos posibles, servicios que brindan, el marco legal que el Ecuador dispone de acuerdo a sus leyes, se revisó las leyes internacionales, así como las normas y estándares aplicables a este trabajo. En base a encuestas y revisión documental, que realizaron en La Superintendencia de Economía Popular y Solidaria, los resultados demuestran que los servicios de ciberseguridad son encargados a sus propios criterios o empresas tercerizadas, y no a un ente que pueda fortalecer los mecanismos de ciberseguridad, por ello se propone el diseño para la creación de cómo un Centro de Respuesta a Incidentes de Seguridad Informática, sus objetivos, políticas, servicios, recursos, infraestructura, relaciones con otros CSIRT, presupuesto del recurso operativo del CSIRT y manejos de los incidentes.
The objective of this type of work is to design a Computer Security Incident Response Center for the financial community in Ecuador. For this reason, an investigation was carried out on which centers are created in Ecuador and how they are constituted, the possible models, services they provide, the legal framework that Ecuador has according to its laws, international laws were reviewed, as well as the norms and standards applicable to this work. Based on surveys and documentary review, carried out in the Superintendence of Popular and Solidarity Economy, the results show that cybersecurity services are entrusted to their own criteria or outsourced companies, and not to an entity that can strengthen cybersecurity mechanisms. For this reason, the design is proposed for the creation of a Computer Security Incident Response Center, its objectives, policies, services, resources, infrastructure, relations with other CSIRTs, budget of the CSIRT's operational resource and handling of incidents.
The objective of this type of work is to design a Computer Security Incident Response Center for the financial community in Ecuador. For this reason, an investigation was carried out on which centers are created in Ecuador and how they are constituted, the possible models, services they provide, the legal framework that Ecuador has according to its laws, international laws were reviewed, as well as the norms and standards applicable to this work. Based on surveys and documentary review, carried out in the Superintendence of Popular and Solidarity Economy, the results show that cybersecurity services are entrusted to their own criteria or outsourced companies, and not to an entity that can strengthen cybersecurity mechanisms. For this reason, the design is proposed for the creation of a Computer Security Incident Response Center, its objectives, policies, services, resources, infrastructure, relations with other CSIRTs, budget of the CSIRT's operational resource and handling of incidents.
Descripción
PDF
Palabras clave
ANALIZAR, ESTABLECER, POLITICAS, SEGURIDAD, INCIDENTES
Citación
APA