2024 1 Implementation of An Information Security Management System To Improve The IT Security of An Agricultural Tool Manufacturing Company

The document discusses the implementation of an Information Security Management System (ISMS) to enhance IT security in an agricultural tool manufacturing company. It highlights the increasing threat of cyber-attacks and the necessity for effective security measures, emphasizing the positive impact of ISMS on reducing incidents and improving compliance with security policies. The study suggests that the adoption of clear policies and continuous improvement can significantly strengthen the company's defenses against cyber threats.

Uploaded by

Lucas Zonfrilli

Implementation of an Information Security Management System to Improve the IT Security of an Agricultural Tool Manufacturing Company

2024 14th International Conference on Cloud Computing, Data Science & Engineering (Confluence) | 979-8-3503-4483-7/24/$31.00 ©2024 IEEE | DOI: 10.1109/CONFLUENCE60223.2024.10463232

Christian Condolo (a), Shantall Romero (a), Wilfredo Ticona (a, b)
Facultad de Ingeniería
(a) Universidad Tecnológica del Perú, Lima, Perú
(b) Universidad ESAN, Lima, Perú
[email protected], [email protected], [email protected]

Abstract: Cyber-attacks have been increasing in recent years, and they are a problem for any type of company. This study aims to implement a system that improves computer security in a company dedicated to the manufacture of agricultural tools, to ensure the defense of the company's data and information. The methodology used is the PDCA Cycle; this choice of methodology allows the solution to the problem to be constantly improved. The methodology goes hand in hand with the ISO/IEC 27001 standard, which establishes the requirements for the administration and continuous improvement of an Information Security Management System (ISMS). The result of the research showed that the ISMS has a positive influence on the company's information security, the main result being that reported cyber-attack incidents decreased to 1.33%; similarly, resolved cyber-attack incidents increased by 72.20%, and the percentage of compliance with security policies increased to 83.30%. In conclusion, the implementation of the system significantly improved the company's defensive measures against cyber-attacks; through the adoption of clear policies and procedures, the company has strengthened its preparedness and its capacity to respond to possible security incidents.

Keywords: Information Security Management System, PDCA Cycle, Information Security, ISO/IEC 27001.

I. INTRODUCTION

Nowadays, [1] digitalization represents an important advance in different sectors and brings with it different potential risks, such as the lack of IT security in companies, a very common issue due to different problems that will be addressed throughout the study. As mentioned in [2], between January and September 2021, Peru experienced a remarkable growth in cybercrime, reflected in 11,985 complaints received by the National Police. Seventy percent of these complaints were linked to computer fraud. In comparison, the period from 2013 to 2020 recorded 21,687 complaints for cybercrime nationwide, showing a clear upward trend during the pandemic. Similarly, as mentioned in [3], in 2021 in Latin America the main cyber-attack presented was Ransomware, representing 29%, followed by Phishing with 21%, representing in general the highest rate with respect to other continents. Among the most attacked countries in Latin America were Mexico, Brazil and Peru.

The problem lies in the lack of awareness of the importance of information security, which exposes the company to significant risks to its most important assets and to possible economic losses. The study is based on the PDCA Cycle methodology to constantly optimize the proposed solution. Its objective is to provide a practical guide to implement an Information Security Management System (ISMS), ensuring an effective solution. The implementation of the ISMS will protect critical assets such as customer, supplier and banking data, reducing the risk of cyber-attacks and strengthening the IT security posture. This article focuses on the importance of information security measures, especially for SMEs that often lack resources, proposing the ISMS as a solution for greater protection and sound IT security management. As mentioned in [4], the infrastructure that SMEs have is not the most adequate to face a cyber-attack, and their inadequate management of cyber risks leads to a considerable impact on the company's economic performance.

II. RELATED WORKS

In the first place, the study by [5] was conducted in the Data and Information Division of the Department of Communications and Information Technology of Depok City (DISKOMINFO Depok City). The problem identified is the lack of frameworks and guidelines for information security. It is proposed to use the PDCA (Plan, Do, Check, Act) approach in planning the Information Security Management System (ISMS), following the ISO 27001:2013 standard. As a result, an ISMS assessment was conducted to provide recommendations for security controls to improve information security and to guide its implementation so that it is effective. In summary, the implementation of the PDCA approach based on ISO 27001:2013 improved information security at DISKOMINFO Depok City by providing effective controls and sound guidance for their management.

Similarly, [6] propose in their study the implementation of an ISMS based on the ISO 27001 standard, using Deming's PDCA cycle and Magerit's risk management approach. PDCA ensures confidentiality, integrity and availability of information, providing short-term benefits. The objective is to facilitate the implementation of an ISMS under international standards. Its advantages include improvements in the protection and disposal of information, mitigation of vulnerabilities and risks, defined roles and responsibilities, increased availability, confidentiality and integrity, and business continuity and disaster plans. As a result, the case study showed that after the implementation of the ISMS, the different risks that arise within the company are better controlled. In summary, the implementation of the ISMS based on ISO 27001 with the PDCA cycle and Magerit's risk management approach proved to be effective

in improving information security. Benefits include improved information protection, risk mitigation and defined roles, which has led to more controlled management of business risks.

Also, [7] mention in their study that, in order to face the dangers and challenges of cyberspace, a public company decided to analyze and raise the security level of its information and communication systems. The methodology adopted was based on risk management and aimed to establish, implement, maintain and continuously improve an ISMS in accordance with the requirements of NP ISO/IEC 27001:2013, following the PDCA cycle. Preliminary results showed relevant progress and made it possible to identify the most urgent security areas and controls that required improvement. In addition, this methodology led to a change in the organization's posture, which went from having mere perceptions of information security levels to obtaining an objective knowledge of its needs. In summary, the company successfully implemented a methodology based on risk management and the PDCA cycle to improve its information security, identified key areas for improvement and generated a more objective approach to its security needs.

Likewise, [8] mention in their study that, in the face of complex and evolving information security challenges, the industry relies on risk assessments to establish a management framework and continuously improve security. To assess whether the established objectives are achieved, it is necessary to measure the effectiveness of security controls and analyze them. This study proposes a model for analyzing the effectiveness of security controls based on the PDCA cycle, in line with ISO 27001, which combines measurement and performance indicators to improve compliance and effectiveness. The objective is to correct and improve information security control objectives and techniques, promoting continuous improvement of the ISMS. As a result, it was found that the controls used in the system have a good level of effectiveness, correctly fulfilling the function for which each control was implemented.

Subsequently, [9] focuses on the integration of information security risk assessment and user data privacy in mobile applications based on electronic money servers, using ISO 27001:2013, ISO 27005:2018 and ISO 27701:2019. It provides a comparative analysis and a method for information technology risk assessment related to information privacy, with emphasis on the ISMS ensuring that the PDCA cycle is consistently implemented. The study assesses the information security gap related to information privacy before and after implementation, highlighting the harmony between ISO/IEC 27001:2013 and ISO/IEC 27701:2019. The research also recommends specific controls for privacy, such as PII Controller, privacy by design and default, and PII transfer and disclosure records, and proposes the KAMI Index mechanism to assess information security and privacy. The results of the study can help identify, analyze, and mitigate risks inherent in server-based electronic money mobile applications, improving information security maturity.

Finally, [10] mention in their study that the Information Technology Department of the Universidad Nacional Micaela Bastidas de Apurímac (UNAMBA) faced the challenge of adequately protecting information without having a plan or guidelines. To address this situation, an ISMS based on ISO/IEC 27001:2013 was implemented, using Deming's PDCA cycle and the MAGERIT III methodology. The results showed a 75% reduction in security risks, a 41.23% increase in implemented controls and a 95% improvement in staff training in information security. In summary, the implementation of the system strengthened information protection, reduced risks and improved security training at UNAMBA.

In conclusion, the methodology mentioned in the different articles presented above, which all agree that the PDCA methodology should be applied, provides a basis that supports the choice of the methodology that we are applying in this research, pointing out different points to take into account when applying it to the work.

III. METHODOLOGY

In the selection of the methodology to be used in the present research work, the PDCA methodology was considered, based on the authors mentioned above: [5], [6], [7], [8], [9] and [10], which use the PDCA methodology hand in hand with ISO 27001, which influences the four phases of the methodology. The difference from using the methodology without the influence of ISO 27001 is that it has different activities within each phase; the influence of ISO is given through activities associated with the ISMS, as shown in the graph (Fig. 1). This approach is aligned with the principles of continuous improvement and seeks to optimize results through proper planning, effective execution, evaluation of results and corrective actions.

[Fig. 1. PDCA methodology with ISO 27001. Recoverable labels. Do: 6) Manage the risks and create a risk treatment plan; 7) Set up policies and procedures to control risks; 8) Allocate resources, and train the staff. Check: 9) Monitor the implementation of the ISMS; 10) Prepare for the certification audit; 11) Conduct periodic reassessment audits. Continual improvement: corrective action, preventive action.]

A. Phase 1: Plan

An assessment of the current situation is made, clear objectives are established and the necessary resources are allocated. This lays the groundwork for developing and implementing an effective ISMS, aimed at continuous improvement. The assessment of the current situation includes the identification of the most critical information-related assets.
Activity 1: Identify business objectives

An assessment of the company's business objectives in relation to information security is carried out. This involves understanding what the company requires and, in turn, its expectations in terms of the information security pillars.

TABLE I. BUSINESS OBJECTIVES

- Implement security measures to safeguard important company and customer information against unauthorized access and loss.
- Ensure the security pillars of the organization's critical information.
- Ensure compliance with the different legal and regulatory requirements related to security.
- Preserve business continuity with respect to possible negative security events.
- Establish a culture of information security in all areas of the company.

Activity 2: Select appropriate scope.

The scope of the ISMS is delimited by identifying the company's information assets and processes to be included in the ISMS. All relevant assets must be taken into account. This helps to direct security efforts to the most critical areas and ensures effective protection of information; likewise, the project schedule is defined.

TABLE II. SCOPE OF THE ISMS AND SCHEDULE

Introduction
This document establishes the scope of the ISMS implemented in our agricultural tools manufacturing company.

Objectives of the ISMS
The ISMS aims to protect the company's and customers' personal information, as well as to ensure the security of the network against possible attacks.

Scope of the ISMS
- Databases and information management systems.
- Information technology infrastructure.
- Applications and software used.
- Documentation and files in digital or printed format.
- Internal and external communications.

Exclusions
The ISMS does not cover third party systems and data and other activities outside the scope mentioned.

Responsibilities
- Top management: Implementation and maintenance of the ISMS.
- Information Security Team: Supervision and coordination.
- Employees: Compliance and incident reporting.

This document establishes the basis for the design and implementation of security controls and provides a clear understanding of the scope of the ISMS in our agricultural tool manufacturing company.

TABLE III. DEVELOPMENT OF THE PDCA METHODOLOGY

Activity | Priority | Home | Final
Phase 1: Plan
Identify business objectives | High | 29/05/2023 | 02/06/2023
Obtain management support | High | 05/06/2023 | 08/06/2023
Select appropriate scope | High | 09/06/2023 | 13/06/2023
Define a risk assessment method | Medium | 14/06/2023 | 15/06/2023
Prepare an inventory of information assets | Medium | 16/06/2023 | 17/06/2023
Phase 2: Do
Manage risks and create a risk treatment plan | Medium | 19/06/2023 | 21/06/2023
Establish policies and procedures for risk control | Medium | 22/06/2023 | 24/06/2023
Allocate resources and train staff | Low | 26/06/2023 | 27/06/2023
Phase 3: Verify
Monitor the implementation of the ISMS | Low | 28/06/2023 | 29/06/2023
Prepare for certification audit | Low | 30/06/2023 | 30/06/2023
Phase 4: Act
Planned actions are executed and changes to ISMS processes, procedures and controls are implemented | Medium | 03/07/2023 | 05/07/2023

Activity 3: Prepare an inventory of information assets.

Information assets relevant to the organization are comprehensively identified. All assets that contain valuable information and require protection are identified and documented. Each asset is classified according to its importance and risk level, using the risk assessment previously performed. Only some of the existing ones are listed below.

TABLE IV. ASSET IDENTIFICATION

Name of asset | Description | Owner
Credentials | Login information and passwords for accessing systems. | IT Department
Product Catalog | Contains detailed information on products manufactured | IT Department
Manufacturing Process Manual | Documents steps and procedures for tooling manufacture | Production Department
Spreadsheet Data | Employee information, salaries, benefits | Human Resources Department
Customer database | Stores contact information and customer details | Sales Department
Supplier data | Stores contact information and supplier details | Purchasing Department
E-mails | Mailings for internal and external company communication. | IT Department
Purchase quotations | Supplier quotation records for purchases of materials and supplies. | Purchasing Department
Enterprise Resource Planning System | Manages the company's business and operational processes | IT Department
Database Server | Stores and manages the company's data | IT Department

Activity 4: Define a risk assessment method.

First, the probability and impact scales are defined, and then a risk level is assigned to the different assets that have been identified.
2024 14th International Conference on Cloud Computing, Data Science & Engineering (Confluence)
TABLE V. PROBABILITY AND IMPACT SCALE AND RISK MATRIX

| Probability | Description |
|---|---|
| Very Low | The risk is highly unlikely to occur. |
| Low | The risk has a low probability of occurring. |
| Moderate | The risk has a moderate probability of occurring. |
| High | The risk has a high probability of occurring. |
| Very High | The risk is highly likely to occur. |

| Impact | Description |
|---|---|
| Negligible | The impact of the risk is negligible. |
| Low | The impact of the risk is low and has little relevance. |
| Moderate | The impact of the risk is moderate and would affect some areas. |
| High | The impact of the risk is high and would affect several areas. |
| Very High | The impact of the risk is critical and would affect the entire project/situation. |

| Impact \ Probability | Very Low | Low | Moderate | High | Very High |
|---|---|---|---|---|---|
| Negligible | Tolerable | Tolerable | Tolerable | Tolerable | Intolerable |
| Low | Tolerable | Tolerable | Tolerable | Intolerable | Extreme |
| Moderate | Tolerable | Tolerable | Intolerable | Extreme | Extreme |
| High | Tolerable | Intolerable | Extreme | Extreme | Extreme |
| Very High | Intolerable | Extreme | Extreme | Extreme | Extreme |

A risk assessment was carried out and the treatment that best suits the company's context is that all risks should be reduced, choosing this type of treatment among the different existing ones.

B. Phase: Do

At this stage, the different controls associated with security, system configuration and the technology used are implemented, and it is also very important to train and raise awareness among the people involved, to establish a documentation of the procedures and finally to monitor and follow up.

Activity 1: Manage risks and create a risk treatment plan.

Identification and prioritization of threats that may have an impact on the company is carried out. An exhaustive analysis of the potential risks is carried out, considering both their probability of occurrence and the impact they would have on the achievement of the company's objectives. Only some of the existing ones are listed below.

TABLE VI. RISK ASSESSMENT

| Assets | Risk | Threat | Risk Calculation | Inherent Risk Level |
|---|---|---|---|---|
| Credentials | Impersonation events | Phishing attack | 32 | Extreme |
| Product Catalog | Unauthorized disclosure | Unauthorized database access | 8 | Tolerable |
| Manufacturing Process Manual | Alteration in the manual | Unauthorized modification of process manual | 38 | Extreme |
| Spreadsheet Data | Loss or theft of data | Leakage of confidential information | 50 | Extreme |
| Customer database | Customer data leakage | Unauthorized access through vulnerabilities | 32 | Extreme |
| Supplier database | Leakage of supplier data | Unauthorized access through vulnerabilities | 18 | Intolerable |
| E-mails | Leakage of information | Identity theft through e-mails | 18 | Intolerable |
| Legal Documents | Unauthorized access to legal documents | Unauthorized access to confidential information | 18 | Intolerable |
| Logistic information | Leakage of logistical information | Interception of communications | 18 | Intolerable |

Activity 2: Establish policies and procedures for risk control.

Policies and procedures that will guide the control and management of risks in the company are established and documented. These policies define the general principles and approaches to risk management, while the procedures describe the specific steps to be followed to identify, assess and address risks.

TABLE VII. IT SECURITY POLICY

Objective
The purpose of the security policies is to safeguard the company's information; therefore, it seeks to comply with the regulations applicable to computer security and data protection.

Access and authentication policy
- Assign access rights based on roles and responsibilities.
- Use two-factor authentication to increase security when accessing critical systems.

Risk Management Policy
- Establish a process to identify and document potential information security risks in the organization.
- Keep risk treatment plans up to date and make adjustments as necessary.

Acceptable Use Policy
- Prohibit the installation of unauthorized software and access to inappropriate websites and content.
- Train employees on security risks and the importance of protecting confidential information.

Data backup and recovery policy
- Regularly back up critical company data.
- Store backups in a secure location and periodically test data recovery.

Physical security policy
- Control physical access to areas where servers and critical equipment are located.
- Train employees on physical security measures and reporting of incidents or suspicious behavior.

Activity 3: Allocate resources and train staff.

Adequate resources, both financial and human, must be allocated to support risk control activities effectively. In addition, it is critical to train staff in risk management concepts, methodologies and practices.
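The classification defined in Activity 4 and Table V, applied to a register shaped like Table VI, as an added example that is not part of the original paper: it transcribes the page's risk matrix, checks that the matrix never lowers the level as probability or impact rises, and audits a register for entries whose recorded level disagrees with the matrix. The probability and impact ratings in the sample register and the "File server (hypothetical)" entry are constructed for illustration; the page reports only the resulting levels.

```python
from dataclasses import dataclass

PROBABILITY = ["Very Low", "Low", "Moderate", "High", "Very High"]
IMPACT = ["Negligible", "Low", "Moderate", "High", "Very High"]
LEVELS = ["Tolerable", "Intolerable", "Extreme"]  # ascending severity
T, I, E = LEVELS

# Risk matrix transcribed from Table V: one row per impact rating,
# one column per probability rating (Very Low ... Very High).
MATRIX = {
    "Negligible": [T, T, T, T, I],
    "Low":        [T, T, T, I, E],
    "Moderate":   [T, T, I, E, E],
    "High":       [T, I, E, E, E],
    "Very High":  [I, E, E, E, E],
}


def risk_level(probability: str, impact: str) -> str:
    """Return the inherent risk level for a probability/impact pair."""
    if probability not in PROBABILITY:
        raise ValueError(f"unknown probability rating: {probability!r}")
    if impact not in IMPACT:
        raise ValueError(f"unknown impact rating: {impact!r}")
    return MATRIX[impact][PROBABILITY.index(probability)]


def matrix_is_monotonic() -> bool:
    """Check that raising probability or impact never lowers the level."""
    rank = LEVELS.index
    last_col = len(PROBABILITY) - 1
    last_row = len(IMPACT) - 1
    for r, impact in enumerate(IMPACT):
        for c in range(len(PROBABILITY)):
            here = rank(MATRIX[impact][c])
            right = rank(MATRIX[impact][c + 1]) if c < last_col else here
            below = rank(MATRIX[IMPACT[r + 1]][c]) if r < last_row else here
            if right < here or below < here:
                return False
    return True


@dataclass
class Risk:
    asset: str
    threat: str
    probability: str
    impact: str
    recorded_level: str  # level the assessor wrote in the register


def audit_register(register):
    """Return (treatment_order, mismatches) for a list of Risk entries.

    treatment_order lists (asset, level) most severe first; ties keep the
    register order. mismatches lists (asset, recorded, expected) for entries
    whose recorded level disagrees with the matrix.
    """
    scored = [(risk_level(r.probability, r.impact), r) for r in register]
    mismatches = [(r.asset, r.recorded_level, level)
                  for level, r in scored if r.recorded_level != level]
    ordered = sorted(scored, key=lambda pair: -LEVELS.index(pair[0]))
    return [(r.asset, level) for level, r in ordered], mismatches


# Constructed register: asset and threat names follow Table VI, but the
# probability/impact ratings are assumptions, and the last entry is a
# hypothetical asset with a deliberately wrong recorded level.
SAMPLE_REGISTER = [
    Risk("Product Catalog", "Unauthorized database access",
         "Low", "Low", "Tolerable"),
    Risk("Supplier database", "Unauthorized access through vulnerabilities",
         "Moderate", "Moderate", "Intolerable"),
    Risk("Credentials", "Phishing attack", "High", "High", "Extreme"),
    Risk("File server (hypothetical)",
         "Unauthorized access through vulnerabilities",
         "High", "Moderate", "Intolerable"),
]

if __name__ == "__main__":
    print("matrix monotonic:", matrix_is_monotonic())
    order, mismatches = audit_register(SAMPLE_REGISTER)
    for asset, level in order:
        print(f"{level:<12} {asset}")
    for asset, recorded, expected in mismatches:
        print(f"MISMATCH {asset}: recorded {recorded}, matrix gives {expected}")
```

Since the page states that every risk is to be reduced, the ordering only decides which treatment plans are drawn up first; the mismatch list is what an internal audit would sample.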
TABLE VIII. HUMAN RESOURCES PLAN

Information Security Officer
- Responsible for ensuring basic information security in the home or small organization.
- Identifies possible risks and takes measures to minimize them.

Technical Support Staff
- Provides technical assistance on information security issues.
- Assists in configuring and maintaining basic security settings on devices and home networks.

Computer Security Analyst
- Responsible for identifying, assessing and abating information security threats.
- Develops and implements security policies, procedures and controls.

C. Phase: Check

The results obtained after implementation are monitored and evaluated, comparing the data collected with the established objectives. Verification makes it possible to evaluate the effectiveness of the actions implemented and provides information for decision making for possible improvements.

Activity 1: Monitor the implementation of the ISMS.

The ISMS implementation process is thoroughly monitored and supervised. The objective is to ensure that the planned actions are being carried out and that the established security controls are being complied with. Continuous monitoring of project progress is performed.

TABLE IX. PROJECT PROGRESS AND PROGRESS REPORTS

| Finding | Corrective Action | Responsible | Date | Status |
|---|---|---|---|---|
| Spoofing events | Implement user authentication and validation. | IT Team | 01/06/23 | Complete |
| Abnormal network traffic | Improve intrusion detection through the implementation of firewalls. | IT Team | 25/06/23 | Complete |
| Unauthorized changes | Implement approval and review workflows | IT Team | 15/07/23 | Complete |

Activity 2: Preparing for the certification audit.

Focuses on preparing the company for the ISMS certification audit in accordance with ISO 27001. Compliance with all the requirements established in the standard is verified and a thorough evaluation of the implemented system is carried out.

TABLE X. AUDIT SCOPE, OBJECTIVES AND CRITERIA

Scope
Areas: Department (systems and applications infrastructure area).
Processes: Security incident management, user access control, update management, password management and backups.

Objectives
Evaluate the effectiveness of the system in terms of protecting confidential information.
Identify existing gaps in security controls and propose solutions.
The correct compliance with security policies and procedures must be verified.

Criteria
1. International ISMS Standards - ISO 27001 must be used.
2. Information security practices and standards must be used.

Programming
Duration: 7 days
Date: 06/07/2023

Responsible
Lead Auditors: Responsible for leading the audit in question, in addition to being in charge of coordinating all activities with their team and preparing the final audit report.

D. Phase: Act

Planned actions are executed and changes in processes, procedures and ISMS controls are implemented. In addition, the effectiveness of the implemented actions is monitored and evaluated to verify the expected results and thus improve information security in the organization.

Activity 1: Conduct periodic reassessment audits.

Focuses on conducting internal audits on a regular basis to evaluate the effectiveness of the ISMS. These internal audits aim to identify areas where different processes or activities can be improved, verify compliance with the different requirements mentioned in ISO 27001 and evaluate the implementation of security controls. Their objective is to evaluate the effectiveness of the ISMS, identify non-conformities or areas for improvement, and provide recommendations for continuous improvement of the system impartially and objectively.

TABLE XI. CONTINUOUS IMPROVEMENT PLAN

Finding 1: Identity Theft Events
Improvement Actions: Implement user authentication and validation.
Responsible: IT Team
Deadline: 2 months
Execution of improvements:
- An analysis of the systems requiring authentication should be performed.
- Select a suitable authentication solution.
- Perform tests and ensure that they are trained to use it.

Finding 2: Abnormal Network Traffic
Improvement Actions: Improve intrusion detection by implementing firewalls.
Responsible: IT Team
Deadline: 3 weeks
Execution of improvements:
- A comprehensive review of the current system configuration should be performed.
- Identify areas for improvement and implement firewalls to block traffic more effectively.
- Conduct ongoing staff training on the subject.

Finding 3: Unauthorized Changes
Improvement Actions: Implement an approval and review workflow.
Responsible: IT Team
Deadline: 2 months
Execution of improvements:
- Review and update the current change management process or implement one if necessary.
- Evaluate and establish criteria for authorization and registration of system changes.
- Conduct training for personnel involved in the change management process.

Effectiveness
For the evaluation of the effectiveness, after the implementation of the improvement actions, an evaluation should be carried out in order to measure the effectiveness in improving information security; to perform this action, tests should be performed, and data should be collected.

Documentation of changes
It is very important to document all the actions that have been implemented; if changes have been made to the systems, they should also be included, so that there is a historical record of the improvements made for subsequent audits.

Continuous Improvement
The continuous improvement plan should be reviewed periodically in order to evaluate its effectiveness and make any necessary changes. A continuous improvement cycle needs to be established so that, when new findings are obtained, they can be effectively addressed and do not affect information security.

IV. RESULTS

Two techniques were used to obtain the results. One of them is the observation guide, in which a comparison was made at two points in time, the pretest and the posttest after the implementation of the ISMS, thus obtaining positive results, since an improvement is evidenced in the indicators that were evaluated according to the dimensions. The other technique used was the survey, in which 20 employees of the company who are directly related to the Information Technology (IT) area were specifically surveyed. These employees were selected for their experience and knowledge relevant to assessing the effectiveness of the ISMS. The survey also contributed to a positive result, calculated using IBM SPSS software to obtain the level of correlation between the two research variables, thus testing the alternative hypothesis, ruling out the null hypothesis, and inferring that the implementation of an ISMS is a significant improvement in IT security in a company that manufactures agricultural tools. Among the results we have the following: prior to implementation, there was an average of 6.67% incidents reported per month. However, with the implementation of the ISMS, this average decreased to 1.33% incidents, representing a reduction of 5.34% incidents on average (Fig. 2).

Fig. 2. Number of Cyber-Attack Incidents (chart comparing Before and After; series: Quantity and Average)

Similarly, at the beginning, the average number of cyber-attacks resolved was 48.60%. However, currently the average has increased to 72.20%, which represents an increase of 23.60% in the resolution of cyber-attacks (Fig. 3).

Fig. 3. Average Number of Resolved Cyber-Attacks (chart comparing Before and After)

Likewise, prior to implementation, the average effectiveness of mitigation measures was 23.53%. However, with the implementation of the ISMS, this average has increased to 84.96%, which represents a difference of 61.43% in the effectiveness of mitigation measures (Fig. 4).

Fig. 4. Average Effectiveness of the Measures (chart comparing Before and After)

V. CONCLUSIONS

The implementation of an information security management system improved the computer security of the agricultural tool manufacturing company by 48.4%. During the development of the ISMS, effective processes and measures were put in place to protect information and IT assets. The adoption of this approach has contributed to improving information security, strengthening the company's ability to withstand potential cyber-attacks and external threats. Also, the implementation of an information security management system significantly improves the company's defensive measures against cyber-attacks: through the adoption of clear policies and procedures, the company has strengthened its preparedness and ability to respond to possible security incidents. This is evidenced by the rapid identification of threats and the application of measures, since the number of reported cyber-attack incidents has decreased to 1.33%. Likewise, the implementation of an information security management system significantly improves the detection and management of risks related to information security. The adoption of proactive monitoring and analysis approaches has made it possible to identify risks and vulnerabilities in real time. This is evidenced by the ability to adequately assess and address mitigation measures, as it increased to 72.20% in recent weeks. Finally, the implementation of an information security management system has strengthened the fundamental pillars of information security in the agricultural tools manufacturing company. Confidentiality, integrity and availability of information have been a priority at all stages of the implementation process. This is evident in the company, as it has become 83.30% more resistant to possible security incidents and is better prepared to face future challenges.
REFERENCES 
 
>@
[1] <
Y. ,DQR26DRWRPH*.HPSHU
Iano, O. Saotome, G. Kemper, $&0HQGHV'H6HL[DVDQG
A. C. Mendes De Seixas, and 
*
G. *RPHV
Gomes 'HDe 2OLYHLUD
Oliveira, ³3URFHHGLQJV
"Proceedings RI of WKH
the WK
6th %UD]LOLDQ
Brazilian
7HFKQRORJ\6\PSRVLXP´6PDUW,QQRY6\VW7HFKQROYRO
Technology Symposium," Smart Innov. Syst. Technol., vol. 233, 
SS
pp. ±
359-377, 
2021, $FFHVVHG
Accessed: 'HFDec.  29, 
2023. >2QOLQH@
[Online]. 
$YDLODEOHKWWSVGRLRUJ
Available: https:lldoi.org/l0.1007/978-3-030-75680-2 
>@
[2] 'HIHQVRUtD
Defensoria GHO
del 3XHEOR
Pueblo, ³/D"La FLEHUGHOLQFXHQFLD
ciberdelincuencia HQ en HO
el 3HU~
Pent: 
(VWUDWHJLDV
Estrategias \y UHWRV
retos GHO
del (VWDGR´
Estado," 
2023, >2QOLQH@
[Online]. $YDLODEOH
Available: 
KWWSZZZGHIHQVRULDJRESH
http://www.defensoria.gob.pe

>@
[3] ,%0³;)RUFH7KUHDW,QWHOOLJHQFH,QGH[´$FFHVVHG
IBM, "X-Force Threat Intelligence Index 2022," 2022, Accessed:
'HF
Dec. 
29, 
2023. >2QOLQH@
[Online]. $YDLODEOH
Available:

KWWSVZZZLEPFRPGRZQORDGVFDV$'/0</$=
https:llwww.ibm.com/downloads/cas/ADIMYLAZ 
>@
[4] 3
P. $
A. 6iQFKH]
Sanchez 6iQFKH]
Sanchez, - J. 5
R. *DUFtD
Garcia *RQ]iOH]
Gonzalez, $A. 7ULDQD
Triana, DQG
and 
3HUH]&RURQHO³0HGLGDGHOQLYHOGHVHJXULGDGLQIRUPiWLFDGHODV
Perez Coronel, "Medida del nivel de seguridad informatica de las 
SHTXHxDV
pequefias \ y PHGLDQDV
medianas HPSUHVDV 3<0(V  HQ
empresas (PYMEs) en &RORPELD´
Colombia," ,QI
In! 
WHFQROyJLFD
tecnol6gica, YRO
vol. 
32, QR
no. 
5, SS
pp. ±
121-128, 
2021, >2QOLQH@
[Online].
$YDLODEOH
Available:

KWWSZZZVFLHORFOVFLHORSKS"VFULSW VFLBDUWWH[W SLG 6
http://www.scielo.cl/scielo.php?script=sci_arttext&pid=S07l8- 
 OQJ HQ QUP LVR WOQJ HQ$KWWSZZ
07642021000500121 &lng=en&nnn=iso&tlng=en%OAhttp://ww 
ZVFLHORFOVFLHORSKS"VFULSW VFLBDEVWUDFW SLG 6
w.scielo.c1/scielo.php?script=sci_abstract&pid=S07l8- 
 OQJ HQ QUP LVR WOQJ HQ
07642021000500121 &lng=en&nnn=iso&tlng=en

>@
[5] 1XUERMDWPLNR
Nurbojatmiko, $ A. 6XVDQWR
Susanto, DQG
and (
E. 6KREDULDK
Shobariah, ³$VVHVVPHQW
"Assessment RI of
,606
ISMS %DVHG
Based 2Q On 6WDQGDUG
Standard ,62ISO 1 ,(& IEC ௗ
27001: 
2013 DW at

',6.20,1)2'HSRN&LW\´7K,QW&RQI&\EHU,W6HUY
DISKOMINFO Depok City," 2016 4Th Int. Con! Cyber It Servo 
0DQDJSS±GRL&,760
Manag., pp. 43-48, 2013, doi: 10.1109ICITSM.20l6.7577471. 
>@
[6] -
J. 9HODVFR
Velasco, 5
R. 8OODXUL
Ullauri, /
L. 3LOLFLWD
Pilicita, %
B. -DFRPH
Jacome, 3 P. 6DD
Saa, DQG
and 2
O. 
0RVFRVR=HD
Moscoso-Zea, ³%HQHILWV
"Benefits RI of LPSOHPHQWLQJ
implementing DQ an ,606
ISMS DFFRUGLQJ
according WRto 
WKH
the ,62
ISO 
27001 VWDQGDUG
standard LQ in WKH
the HFXDGRULDQ
ecuadorian PDQXIDFWXULQJ
manufacturing
LQGXVWU\´
industry," 3URF
Proc. - UG
3rd ,QW
Int. &RQI
Con! ,QIIn! 6\VW
Syst. &RPSXW
Comput. 6FL
Sci.

,1&,6&26
INCISCOS 2018, YRO
vol. 'HFHP
20l8-Decem, SS pp. ±
294-300, 
2018, GRL
doi: 
,1&,6&26
10.1109/INCISCOS.20 18.00049. 
[7] C. Carvalho and E. Marques, "Adapting ISO 27001 to a Public Institution," Iber. Conf. Inf. Syst. Technol. Cist., vol. 2019-June, no. June, pp. 19–22, 2019, doi: 10.23919/CISTI.2019.8760870.

[8] Z. Sun, J. Zhang, H. Yang, and J. Li, "Research on the Effectiveness Analysis of Information Security Controls," Proc. 2020 IEEE 4th Inf. Technol. Networking, Electron. Autom. Control Conf. ITNEC 2020, no. Itnec, pp. 894–897, 2020, doi: 10.1109/ITNEC48623.2020.9084809.

[9] Syifaurachman and A. Wibowo, "Risk Assessment Related To Privacy Information on Electronic Money Server-Based Using Iso 27001, Iso 27005, Iso 27701," J. Theor. Appl. Inf. Technol., vol. 101, no. 3, pp. 1067–1077, 2023.

[10] M. Aquino Cruz, J. N. Huallpa Laguna, H. A. Huillcen Baca, E. E. Carpio Vargas, and F. L. Palomino Valdivia, Implementation of an Information Security Management System Based on the ISO/IEC 27001:2013 Standard for the Information Technology Division, vol. 1302. 2021. doi: 10.1007/978-3-030-63665-4_21.

2024 14th International Conference on Cloud Computing, Data Science & Engineering (Confluence)