SciELO - Scientific Electronic Library Online

 
Aula Virtual

On-line version ISSN 2665-0398

Abstract

FERRARI FERNANDEZ, Freddy Elar and HILARIO RIVAS, Jorge Luis. INFORMATION SECURITY MANAGEMENT SYSTEM PLAN TO IMPROVE RISK MANAGEMENT. Aula Virtual [online]. 2025, vol.6, n.13, e580. Epub Dec 27, 2025. ISSN 2665-0398. https://doi.org/10.5281/zenodo.18076040.

The study "Information Security Management System (ISMS) Plan to Improve Risk Management" aimed to demonstrate whether implementing an ISMS plan significantly contributes to optimizing risk management in organizations. An applied, descriptive-level study was conducted using a pre-test/post-test design with 49 Systems Engineering students from the National University of Ucayali, organized into 12 teams distributed across Entities/Processes. Data were collected through statistically validated surveys assessing the dimensions of confidentiality, integrity, availability, asset identification and valuation, and risk analysis, in accordance with the NTP-ISO/IEC 17799 and NTP-ISO/IEC 27001:2014 standards. The results show a significant improvement in risk management after the plan was implemented, with an average difference of 𝐷̅ = 1.4967, confirmed by a t-test (Tc = 13.576 > Tt = 1.761; two-tailed Sig. < 0.05) at a 95% confidence level. Specific improvements were recorded in confidentiality (𝐷̅ = 1.6100), integrity (𝐷̅ = 1.2860), and availability (𝐷̅ = 1.5940). A total of 220 assets were identified, of which 204 were managed; in the risk analysis, 141 assets, 594 threats, and 594 vulnerabilities were evaluated. It is concluded that implementing an ISMS plan not only leads to statistically significant improvements in risk management but also strengthens organizational security by protecting the confidentiality, integrity, and availability of information. Consequently, it constitutes an essential strategy to ensure operational continuity, reduce vulnerabilities, and respond effectively to the challenges of increasingly complex digital environments.

Keywords: Risk management; information security; ISMS; ISO/IEC 27001.
