Information security in implementing web applications for small businesses based on COBIT5-SI

Author

Danilo Jaramillo, H. ; Franco Guaman, B. ; Kruskaya Salazar, E.

Author_Institution

Dept. de Cienc. de la Comput. y Electron., Univ. Tec. Particular de Loja, Loja, Ecuador

fYear

2015

fDate

17-20 June 2015

Firstpage

1

Lastpage

6

Abstract

The Information Security is one of the preventive measures to take account for the proper functioning of applications in small and medium enterprises in Ecuador, thus ensuring reliability, availability and integrity of assets, primarily within their web applications measures. This work is based on the integration of the governance framework for Cobit5-SI safety, UWE modeling methodology and open security OWASP project, obtaining the best practices for evaluating the Information Security in implementing web applications these companies. Similarly, the selection of these practices was conducted with the integration of the ISF, ISO / IEC 27001, ISO / IEC 27002, ITIL and NIST.

Keywords

Internet; security of data; small-to-medium enterprises; Cobit5-SI safety; IEC 27001; IEC 27002; ISF; ISO; ITIL; NIST; SME; UWE modeling methodology; Web applications; asset availability; asset integrity; asset reliability; governance framework; information security; open security OWASP project; small and medium enterprises; small businesses; IEC standards; ISO standards; Information security; NIST; Silicon; Software; Unified modeling language; Information security; cobit5; web applications;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Systems and Technologies (CISTI), 2015 10th Iberian Conference on

Conference_Location

Aveiro

Type

conf

DOI

10.1109/CISTI.2015.7170390

Filename

7170390