Please use this identifier to cite or link to this item: http://repositorio.educacionsuperior.gob.ec/handle/28000/4195
Type : masterThesis
Title : Risk Management Policies and Procedures to procure secure COTS software in Ecuadorean Government organisations
Other titles : Políticas y procedimientos para la administración del riesgo en la adquisición de software para Organizaciones Gubernamentales Ecuatorianas
Author : Anchundia Ruíz, Mercy Denisse
Advisor : Batten, Ian
Keywords : SOFTWARE PROCUREMENT;ECUADOREAN GOVERNMENT;SUPPLIER RISKS;COTS SOFTWARE SECURITY
Publication date : Sep-2016
Publisher : Birmingham / University of Birmingham
Citation : Anchundia Ruíz, Mercy Denisse. (2016). Risk Management Policies and Procedures to procure secure COTS software in Ecuadorean Government organisations. (Master's dissertation in Cyber Security). University of Birmingham. Birmingham. 165 p.
Abstract : The dissertation project described in this document is intended to assist Ecuadorean Government organisations in building the demand for secure software into the procurement process, which includes supplier and product selection and contract negotiation. This is because Ecuadorean government regulations impose the use of open source software only if it does not affect national security, and proprietary software otherwise, but without any prior instruction on how to select it securely and without being proactive about compliance with a law that imposes the implementation of the ISO/IEC 27002 security controls as part of the government's cybersecurity strategy. In order to fill the gap between regulations and software security in the aforementioned context, the solution proposed in this project provides general guidelines (policies) and a methodology (procedures) that include security baselines and cybersecurity-related language for risk management in Commercial Off-The-Shelf software procurement, to treat software risks and supplier risks. The approach used to develop this solution applies ISO/IEC 27005 (Information Security Risk Management) to a generic software procurement process, generating a Secure Commercial Off-The-Shelf Software Procurement Process (SCSPP) for Ecuadorean government organisations that are not involved in military or intelligence departments. A realistic scenario is presented as part of the process's records to illustrate how to apply this solution in the current situation of those institutions.
URI : http://repositorio.educacionsuperior.gob.ec/handle/28000/4195
Appears in collections: Becarios

Files in this item:
File : T-SENESCYT-01509.pdf
Size : 10.79 MB
Format : Adobe PDF


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.