首页> 外文期刊>RECIBE >Análisis de estrategias de gestión de seguridad informática con base en la metodología Open Source Security Testing Methodology Manual (OSSTMM) para la intranet de una Institución de Educación Superior - Analysis of Strategies of Computer Security Management Based on the Open Source Security Testing Manual Methodology (OSSTMM) for the Intranet of a Higher Education Institution
【24h】

Análisis de estrategias de gestión de seguridad informática con base en la metodología Open Source Security Testing Methodology Manual (OSSTMM) para la intranet de una Institución de Educación Superior - Analysis of Strategies of Computer Security Management Based on the Open Source Security Testing Manual Methodology (OSSTMM) for the Intranet of a Higher Education Institution

机译:基于大学内部网的《开源安全测试方法手册》(OSSTMM)的计算机安全管理策略分析-基于《开源安全测试手册方法》(OSSTMM)的计算机安全管理策略分析),用于高等教育机构的内部网

获取原文
获取外文期刊封面目录资料

摘要

The present study focused on taking as reference the OSSTMM methodology to apply an auditory of a computer security, and to identify security breaches in a Higher Education Institution, using as a type of test the ethical Hacking. Through a field investigation, it was established the current situation of policies of the computer security management of the Higher Education Institution which is the object of the study, where the main information assets analyzed were: the server with the financial and academic management system, computer labs, teaching rooms and the administrative area. Based on the audit that was done, it was found that the institution of higher superior doesn’t carry an adequate control of information security, policies and their application, obtaining as main finding the values of risk assessment (Rav) equivalent to 72.15% of security. In the computer security analysis carried out, it is concluded that the porosity and limitations allow to evaluate the level of impact and criticality of the vulnerabilities found, which can be mitigated by applying computer security management strategies and in conjunction with increased controls the Rav's valuation can be improved to a weighting of 77.00%; in this way, the reliability, integrity and availability of the information is guaranteed.
机译:本研究的重点是,将OSSTMM方法论作为一种道德黑客测试手段,作为参考来应用计算机安全听觉,并确定高等教育机构中的安全漏洞,以作为参考。通过实地调查,确定了本研究对象的高校计算机安全管理政策的现状,分析的主要信息资产为:具有财务和学术管理系统的服务器,计算机实验室,教室和行政区域。根据所做的审计,发现上级机构对信息安全,政策及其应用没有足够的控制,主要发现风险评估(Rav)的值等于风险评估的72.15%。安全。在进行的计算机安全分析中,得出的结论是,孔隙度和限制可以评估发现的漏洞的影响和严重性,可以通过应用计算机安全管理策略以及增强的控制结合Rav的估值,可以缓解这些问题和严重性。权重提高到77.00%;这样,可以确保信息的可靠性,完整性和可用性。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号