Publicación:

Implementation of an ISMS Based on ISO/IEC 27001:2022 to Improve Information Security in the Internet Services Sector

Resumen

Information security is currently crucial for all organizations, and the implementation of an Information Security Management System (ISMS) based on ISO/IEC 27001:2022 is presented as a framework of excellence to address threats. cyber and protect information assets. This research will use the MAGERIT methodology to analyze and manage information systems, integrating it with the ISMS to identify assets, analyze risks, determine safeguards, and establish risk treatment measures. As a result of the implementation, there is an increase in confidentiality controls from 9 to 12, and a reduction in incidents from 40 to 12. Likewise, there is an increase in integrity controls from 9 to 15, and a reduction in incidents from 52 to 30. Regarding to availability, there is an increase in controls from 9 to 18 and a decrease in incidents from 49 to 29; thus, demonstrating a successful implementation in the evaluated categories. Finally, it is important to highlight information security in the internet services sector to protect data, mitigate risks, ensure customer trust, and comply with legal regulations in an increasingly threatening digital environment. © 2024 IEEE.