Desarrollo e implementación de modelo de seguridades, módulo de auditorías y reportes de control en la plataforma SECOED V2, FCI 016-2019
Fecha
2023-05
Título de la revista
ISSN de la revista
Título del volumen
Editor
Universidad de Guayaquil. Facultad de Ciencias Matemáticas y Físicas. Carrera de Ingeniería en Sistemas Computacionales.
Resumen
En la actualidad existe una gran variedad de normas internacionales ligadas a la auditoría de sistemas y seguridad informática, mismas que pueden ser aplicadas al momento del desarrollo como un historial de modificaciones de registros y errores. La implementación de un módulo “Auditoría”, trabajará en conjunto a las Auditorías Informáticas, Norma ISO 14598 y Norma ISO 19011 con el fin de integrar nuevas tecnologías al área de desarrollo de software haciendo sus características más destacables efectivas de control y seguimiento a los registros de información modificados con evidencia verificable y bajo riesgo de una mala interpretación. Para lograr el cometido se ha hecho el uso de la metodología de investigación aplicada junto a sus tres fases de ideación, ejecución y resultados, mismas que trabajan en conjunto a la metodología de investigación exploratoria y sus instrumentos como la lista de cotejo, juicio de expertos y consultas bibliográficas para su mejor entendimiento. Para el área de desarrollo se hace uso de la metodología cascada por su estructura ya definida al inicio y su correcta segmentación de fases a cumplir conforme vayan siendo completadas en su totalidad. La implementación de un historial de modificaciones detallado plantea reducir el tiempo tomado en las auditorías regulares, sumado a esto la visualización del historial de las acciones realizadas en la base de datos (Creación, Actualización, Borrado), este informe se encuentra al alcance de quien lo necesite para dar un seguimiento a las modificaciones consideradas poco éticas dentro de la Plataforma SECOED V2. Todos los módulos tienen ventajas que son aprovechados conforme a las necesidades de cada usuario, independientemente del rol que desempeñe dentro de la plataforma, dando así un mayor índice seguridad dentro de la plataforma de formación docente.
Nowadays there is a great variety of international standards linked to system auditing and computer security, which can be applied at the time of development as a version history of logs and errors. The implementation of an "Audit" module will work in conjunction with IT Audits, ISO 14598 Standards and ISO 19011 Standards in order to integrate new technologies to the area of software development, making its most outstanding features effective control and monitoring in versions of modified information records with verifiable evidence and low risk of interpretation. To achieve this goal, the applied research methodology has been used with its three phases of ideation, execution and results, which work together with the exploratory research methodology and its instruments such as the checklist, expert judgment and bibliographic consultations for a better understanding. For the development area, the waterfall methodology is used due to its structure already defined at the beginning and its correct segmentation of phases to be fulfilled as they are completed in their entirety. The implementation of a detailed version control system reduces the time taken in regular audits, in addition to a descriptive report of each transaction performed by each user in data management (Creation, Update, Deletion), this report is available to anyone who needs it to follow up on what is considered unethical within the SECOED V2 Platform. All modules have advantages that are used according to the needs of each user, regardless of the role they play within the platform, these meet a segmentation between privileges and versions corresponding to a different user, thus giving a higher security index within the platform.
Nowadays there is a great variety of international standards linked to system auditing and computer security, which can be applied at the time of development as a version history of logs and errors. The implementation of an "Audit" module will work in conjunction with IT Audits, ISO 14598 Standards and ISO 19011 Standards in order to integrate new technologies to the area of software development, making its most outstanding features effective control and monitoring in versions of modified information records with verifiable evidence and low risk of interpretation. To achieve this goal, the applied research methodology has been used with its three phases of ideation, execution and results, which work together with the exploratory research methodology and its instruments such as the checklist, expert judgment and bibliographic consultations for a better understanding. For the development area, the waterfall methodology is used due to its structure already defined at the beginning and its correct segmentation of phases to be fulfilled as they are completed in their entirety. The implementation of a detailed version control system reduces the time taken in regular audits, in addition to a descriptive report of each transaction performed by each user in data management (Creation, Update, Deletion), this report is available to anyone who needs it to follow up on what is considered unethical within the SECOED V2 Platform. All modules have advantages that are used according to the needs of each user, regardless of the role they play within the platform, these meet a segmentation between privileges and versions corresponding to a different user, thus giving a higher security index within the platform.
Descripción
PDF
Palabras clave
AUDITORÍA, SEGURIDAD, ISO, ETICO, PRIVILEGIOS, SEGMENTACION, AUDITING, SEGMENTATION, SECURITY, ETHICS,, PRIVILEGES