Especialización en Seguridad de la Información

URI permanente para esta colección

http://hdl.handle.net/11371/4290

Examinar

Examinando Especialización en Seguridad de la Información por Título

Mostrando 1 - 20 de 34
  • Miniatura
    Ítem
    Adopción de buenas prácticas en seguridad de la información enfocado en ambientes OT
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Moreno, Diego Armando; López, Luis Carlos; Moreno, Diego Alejandro; Serrato Rodriguez, Yenny Isabel
    The advantages of the use of technology, digitization and connectivity currently in the OT operational industry are quite significant, but at the same time the possibility of suffering a cyber attack increases due to the greater exposure of the intrusion surface. In addition to this, currently industries of all kinds (electricity, gas, manufacturing, health, etc.) are targets of cybercriminals due to the great impact that the materialization of a risk can have on the company and/or society, the result of which is would have consequences such as: economic, reputational, environmental, to the integrity of people, etc.).
  • Miniatura
    Ítem
    Análisis de ciberseguridad a una infraestructura de red implementada en Microsoft Azure
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Gallego Mina, José Carlos; Rubio Vizcaya, David Gregorio; Herrera Herrera, Héctor Manuel; Herrera Herrera, Héctor Manuel
    This document reflects an analysis of cybersecurity in a network infrastructure implemented and exposed in Microsoft Azure, which will have the components necessary to operate. Through ethical hacking tools and techniques, an vulnerability scanning on this network, its components and configurations made. With the results obtained from the tests, the security level of the cloud infrastructure assessed and whether it is acceptable to integrity standards, confidentiality and availability of information. This will allow Microsoft Azure platform administrators to have tools, guides and security bases when implementing and securing an infrastructure of cloud network.
  • Miniatura
    Ítem
    Análisis de ciberseguridad sobre las vulnerabilidades que se pueden presentar con el teletrabajo
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Arévalo Morales, Andrés Danilo; Buitrago Ropero, Camilo Andrés; Herrera Herrera, Hector Manuel
    The modality of working at home or telecommuting is a trend that has grown exponentially since the beginning of the COVID 19 pandemic, which results in one of the many challenges that cybersecurity has in the face of various risks and latent threats. Every day cybercriminals devise new forms of attack to affect a system or simply steal information, which is why they want to identify the different threats and vulnerabilities that exist and can be a risk for an employee who works from home and lead to an impact significant for organizations.
  • Miniatura
    Ítem
    Análisis de impacto del negocio para una empresa del estado (BIA)
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) González Tello, Jorge Alexander; Fuentes Gómez, Hernán Darío; Cárdenas, Diego Alexander; Jaimes Fernández, Wilmar
    The development of this research aims to develop and propose a BIA document (Business Impact Analysis) for a state company that provides the Fund services for Retirees. This research can be called phase one (1) or initiation, since this depends on great way the definition and confirmation of the possible methods that will be used to carry out the replication to an alternate Datacenter of the Core services of the business, therefore, in this This document will not emphasize the migration or replication of services.
  • Miniatura
    Ítem
    Análisis de los programas de concientización de seguridad de la información en comtec
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Romero, Carolina; Caraballo Leon, Javier Mauricio; Bolívar Sánchez, Arturo José; Jaimes Fernández, Wilmar
    In the field of information security, we seek to take into account all the possible threats that may occur on the information and data; one of these events, are social engineering attacks, where end users regulate of the entity are often compromised, because they do not have the knowledge to deal with these types of events. The attackers seek to identify different security gaps, focusing on the human behavior and exploiting psychological aspects for profit economic through deception techniques; Therefore, the human factor is the greatest attacker's target, due to his lack of knowledge or overconfidence in front of the information at your fingertips. Organizations invest a large amount of resources in infrastructure to protect your information; however, one of the weakest links is the users final, of which companies do not dedicate adequate time and do not project financial resources to train and educate people
  • Miniatura
    Ítem
    Análisis de vulnerabilidades en el sistema de inventarios Phoenix en una IPS nivel 1.
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Ruíz Cortés, Ricardo Alfonso; Ruíz Cortés, Jhon Carlos; Herrera Herrera, Hector Manuel
    This article summarizes the pentesting techniques used in the Phoenix inventory system of a first-level IPS, which is a company's own development based on PHP and Mysql. For this, 3 stages were contemplated: 1. The analysis and identification of the inventory system was carried out using a penetration testing methodology, which included a review of the system documentation, interviews and visits, to determine the impact that could be generated. If a threat materializes, it is based on the ISO 27001:2022 standard, 2. Pentesting and security testing of the web application. The study was carried out using a risk analysis methodology, which included the identification, evaluation and treatment of the identified vulnerabilities. 3. The results of the study showed that the system presented a series of vulnerabilities that could be exploited by attackers to obtain access to confidential information or cause damage to the system. Subsequently, a proposal is generated in which best practices are suggested to mitigate these risks. . It is concluded that preventive and corrective actions must be applied through policies and procedures that must be constantly verified by those responsible for IT and management, making the pertinent updates in each of them, applying the concepts of the PHVA and good practices of ITIL.
  • Miniatura
    Ítem
    Análisis de vulnerabilidades en los sistemas de información de los equipos LG SMART TV que utilizan aplicaciones IoT
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) León Barón, Cristian Daniel; Lozano, William; Yara, Claudia; Herrera, Héctor Manuel
    The following article is based on statistics of threats and vulnerabilities that usually occur in Smart TV environments, identifying the most common attacks in recent years, to duplicate them in a laboratory in a real and controlled environment to verify which vulnerabilities currently exist. and review your solutions. In recent years, different questions have arisen about the Internet of Things and the reception it is having at the level of applications, with the challenge of computer security problems emerging as a big question, given that different risks have been presented that cover the companies and users. This problem has led to the development of some studies and points of view, but without yet presenting a unified vision of how to face the risks associated with the implementation of technologies that encompass the Internet of Things in companies. With this article we want to implement good practices and controls to avoid future computer attacks applied to Smart TVs, it will be based on the security of these devices that are better received by people every day. It was determined that the LG brand with its WebOS operating system will be used to carry out the tests and define what the current vulnerabilities are to deliver a series of recommendations that can be adjusted to the business environment based on the 27001 standard and the personal with simple recommendations that can prevent you from becoming victims of cybercriminals.
  • Miniatura
    Ítem
    Análisis del estado actual de la seguridad informática de la empresa Consulting Group Colombia sas.
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Coronado Yeneris, José Joaquín; Pineda Duarte, Oscar Javier; Herrera Herrera, Héctor Manuel
    The purpose of this article is to know the current state in which the company Consulting Group Colombia SAS regarding computer security, through the preparation of an analysis based on the ISO 27001:2022 standard, to identify the risks and the vulnerabilities to which the information is exposed. During the analysis, the assets and their basic information were identified, in order to In order to determine the threats and the impact in which they are exposed, a review of documentation, interviews and visits, to know the impact that can reach have the materialization of a threat. As a purpose, possible solutions are presented in the short and medium term where the organization will decide the implementation of security controls, seeking to preserve the pillars of information security: integrity, confidentiality and availability.
  • Miniatura
    Ítem
    Análisis del nivel de implementación en Seguridad de la Información del protocolo IPv6 en una Entidad Distrital
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Piñeros García, Juan Carlos; Ortiz Peláez, Jimmy Alejandro; Serrato Rodríguez, Yenny Isabel
    The main objective of this document is to analyze the state of the secure implementation of the IPv6 protocol in a public entity of district order. The study addressed the qualitative research methodology that allows us to collect several types of information, theoretical texts, and descriptive evidence to help us establish a guide for the development of the topic. The study proposes a series of recommendations to improve the performance and correct operation of information systems in accordance with good practices for the assurance of the IPv6 protocol in the technological infrastructure of the organization.
  • Miniatura
    Ítem
    Análisis del uso de gestión de acceso privilegiado para prevenir fraude interno por la utilización inadecuada de credenciales de usuarios administradores en entidades financieras
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Espejo Hurtado, Ricardo; Manrique Rocha, Leydi Yesenia; Herrera Herrera, Héctor Manuel
    The purpose of this proposal is to prevent internal fraud in financial institutions, based on the A9 domain - Access control of the ISO/IEC 27001:2013 standard; which is oriented to control and monitor access to information systems in accordance with the policies of financial institutions. With the use of privileged access management PAM (Privileged Access Management) the way in which PAM strengthens the security of access to information, password management, access to the source program code, privileged access rights, among others, will be illustrated; based on software as a service SaaS (Software as a Service) that allows access to data from any device with an Internet connection in a secure environment. Finally, this proposal aims to encourage the use of a PAM service as an additional layer of security when accessing the computer systems of financial institutions, which allows mitigating the risks involved: Theft of credentials and Improper use of privileges.
  • Miniatura
    Ítem
    Aplicabilidad de blockchain para el proceso de negocio “digitalización de documentos” en una empresa de gestión documental
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Acevedo Rodriguez, Rocio Andrea; Ospina Gonzalez, Fredi Alezander; Tapiero Velasquez, Giovanni; Serrato Rodriguez, Yenny Isabel
    The accelerated change in technology makes companies that provide document management services continuously seek to implement new ways to manage information in a secure and efficient manner. Often, these companies try to solve problems in supply chains with temporary solutions that sometimes turn out to be inefficient and inoperative. Some of these problems can be attributed to failures or lack of security and information integrity controls, failures in the technological infrastructure or its administration, among others. The current operating models do not allow controlling whether documents have been duplicated, accessed, manipulated or signed by unauthorized staff. In the absence of these controls, security risks could emerge and affect the availability, confidentiality and integrity of the information provided by customers. Consequently; reputational, contractual and legal impacts may jeopardize the continuity of the operation.
  • Miniatura
    Ítem
    Aplicación de las fases del análisis forense digital simulando una escena del crimen denominada "El hacker Asesino"
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Pardo Salazar, Jhon Fredy; Vitola, Jorge Luis; Herrera Herrera, Héctor Manuel
    In this article a description of a hypothetical case will be made, where the phases are applied digital forensic analysis, showing the reader the use and application of computer techniques forensic and criminalistics, in order to find what, who, how, when and where they happened the facts of the case. This allows having a broad and clear context in the treatment of digital evidence, achieving their identification, acquisition and assurance for presentation of results suitable, in a criminal investigation. Finally, through the simulated case, the processing phases of the evidence, having as a principle to guarantee the sameness, authenticity and security of the information contained in electronic devices found at the crime scene, promoting an exhaustive forensic analysis to generate hypotheses and relate the behavior with the perpetrator of the crime.
  • Miniatura
    Ítem
    Buenas prácticas de los marcos de referencias para la creación de un SOC y los controles para tener en cuenta en empresas Mipymes de Bogotá
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Izquierdo Acevedo, Laura Yisela; Mamanché Mamanché, Giovanni; Morales Ballesteros, Diego Arley; Jaimes Fernandez, Wilmar
    In the MiPymes (micro, small and medium enterprises; which has a maximum of 200 employees) information and data security should be a priority since today with the growth in the use of technology and internet access increases the possibility of facing a greater volume of cyber attacks. This leads to greater risks and threats that may affect the continuity of the company's operations. One of the biggest concerns of Mipymes when implementing a Center of Security Operations (SOC), are the high costs in which you can incurring. However, the theft, modification, impersonation, damage to the technological equipment, the suspension of business activity for a prolonged period of time or the kidnapping of information, among others affectations that may occur, can generate economic losses to larger scales. According to the Cybercrime Trends Report, 5,308 were reported in Bogotá. cases of computer crimes in 2019, of these 42% correspond to phishing, 28% phishing, 14% sending malware, and 16% fraud in means of payment. Being the MiPymes one of the main sources of attack of cybercriminals.
  • Miniatura
    Ítem
    Buenas prácticas en seguridad de la información para el teletrabajo en Colombia
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Sánchez Castillo, Carmen Rosa; Gavilán Ordóñez, Miller Camilo; Mateus Gutiérrez, Miguel Ángel; Serrato Rodriguez, Yenny Isabel
    Over the years, information technologies have presented different changes that are of immense help to people and companies, they allow procedures for payments, sending information or identification to be carried out in an agile way, facilitating the interaction between people and devices; Due to this, the following questions arise, how safe are the innovative technologies? How to protect information against computer crimes? How to save company data with these modern technologies? This research aims to publicize the importance of protecting information in the work modality that today is becoming more common "Telecommuting", it should be clarified, that currently Colombia does not have enough recommendations or good practices to implement controls that help minimize, reduce, minimize and avoid risks in this work modality, therefore, a list of recommendations will be developed to take advantage of tactics or ways to secure data in information systems regardless of where it is accessed.
  • Miniatura
    Ítem
    Ciberseguridad Inclusiva: Abordando Desafíos en Población con discapacidad Auditiva, Sensibilización en Seguridad de la información en ASORSUB
    (2023-01-21) Sierra Ortiz, Sandra Milena; Muñoz Naranjo, Luis Andrés; Pulido Rivera, Angela Adriana; Herrera, Héctor Manuel
    La presente investigación tiene como objetivo explorar los desafíos específicos que enfrentan las personas con discapacidad auditiva en el ámbito de la ciberseguridad, así como proponer estrategias para garantizar su inclusión digital segura. Se llevó a cabo un primer acercamiento con un reducido grupo de personas sordas utilizando la herramienta de recopilación de datos, el Formulario en línea Google Forms, con el fin de obtener información personal relevante. A través de la implementación de tecnologías de la información y comunicación (TIC), se organizó una video llamada con la asistencia de un intérprete de lenguaje de señas para facilitar la comunicación. Este primer contacto reveló una carencia significativa que afecta a la población con discapacidad, en particular a aquellos con discapacidad auditiva. Con el objetivo de abordar esta problemática, se planteó la creación de un espacio de formación en ASORSUB (Asociación de Sordos de SubaBogotá). Durante esta formación, se discutieron las técnicas a las que estas personas podrían estar expuestas como posibles víctimas, con el propósito de aumentar la conciencia en esta población y, al mismo tiempo, extender esta conciencia a sus familiares. Se enfatizó que, al igual que cualquier otra persona, están en riesgo de caer en manos de individuos malintencionados. Además de la formación presencial, se propuso la creación de un canal en YouTube. A través de este canal, se proporcionará acceso a información sobre seguridad y buenas prácticas adaptadas específicamente a las necesidades de las personas sordas, contribuyendo así a fortalecer su capacidad de protegerse y tomar decisiones informadas en situaciones potencialmente peligrosas.
  • Miniatura
    Ítem
    Delitos informáticos que afectan los consumidores financieros del Banco Davivienda
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Cañas Quiroga, Martha Cecilia; Cuellar Sosa, Angie Lorena; Marín Aguirre, Andrea Pola; Fernández Wilmar, Jaimes
    Along with technological evolution, which has been driven by innovation, digital transformation accelerated by the covid-19 pandemic, the financial sector has faced an increase in computer crime rates. This situation has obliged financial entities to adopt, implement or reinforce their systems of computer security management, taking into account not only that information is the most important business asset but in offering its customers levels of security convenient to generate confidence and positive experiences when using the digital channels. Both regulatory bodies and financial institutions have invested a great deal amount of resources and efforts to minimize the risk of being victims of crimes computerized, largely oriented to design and implement campaigns focused in making users aware of criminal modalities and the way in which can prevent being victims of these. With the present work, information will be collected through a survey of 180 consumers of the Davivienda bank, with the aim of determining the index of knowledge of those surveyed about criminal modalities, existence of the awareness campaign "La Tía Segura" and how effective is this campaign.
  • Miniatura
    Ítem
    Diseño de una política de seguridad de la información para la empresa Well Done Marketing y Promoción
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Arevalo, Sergio Andres; Alberto Arévalo, Jaime; Rozo, Roger Eduard; Hernández, Wilmar Jaimes
    In recent decades, information and communication technologies have been in constant evolution which has brought great benefits for humanity, however criminal methods have also evolved in the face of information theft issues, the present work identifies the need of the company Well Done Marketing Y Promoci´on, to implement an information security policy that contributes to minimizing the risks in the information related to the operation of the business. Since the Well Done company currently lacks this information security policy and risks have been noted on the QSD-clients application presenting a critical state of exposure to risks associated with both the operation and the areas that converge with this system. The objective of this study is to design an information security policy for a private sector entity, dedicated to the commercialization of products. A process of observation and initial interviews was carried out that identified vulnerabilities that put at risk and compromise the financial area of the company and that can be mitigated with the design and implementation of controls. In order to obtain the proposed information security policy, it was developed in three chapters, such as: Information collection, Analysis and identification of risks and vulnerabilities, and Design mitigation plan that would result in the Information Security Policy.
  • Miniatura
    Ítem
    Diseño de una política de seguridad de la información para la empresa well done marketing y promoción.
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Arévalo, Sergio Andrés; Arévalo, Jaime Alberto; rozo, Roger Eduard; saarevalos@libertadores.edu.co
    In recent decades, information and communication technologies have been in a constant evolution which has brought great benefits to humanity, however, criminal methods have also been evolving in the face of information theft, the present work is identical to the need of the company Well Done Marketing and Promotion, to implement an information security policy that contributes to minimizing the risks in the information related to the operation of the business. Since the company Well Done currently lacks this information security policy and risks have been noted on the QSD-client application, presenting a critical state of exposure to risks associated with both the operation and the areas that converge with this system. The objective of this study is to design an information security policy for a private sector entity, dedicated to the commercialization of products. An observation process and initial interviews were carried out that identified vulnerabilities that put at risk and compromise the financial area of ​​the company. company and that can be mitigated with the design and implementation of controls. To obtain the proposed information security policy, it was developed in three chapters, such as Information Collection, Analysis and identification of risks and vulnerabilities, and Design of a mitigation plan that would result in the Information Security Policy.
  • Miniatura
    Ítem
    Diseño e implementación de capacitación en adultos mayores para prevenir técnicas de engaños digitales
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Sandoval Guarín, Laura Valentina; Castillo Gamba, Francy Milena; Guevara Amaya, Andrés Eduardo; Herrera Herrera, Héctor Manuel; Herrera, Héctor Manuel
    To analyze the impact of fraud and theft attacks through digital media on the older adults, especially in the San Luis and Villa Alsacia neighborhoods, it is necessary to develop a brief explanation of terms related to social engineering, regulation, law and concepts in order to determine which are the most used social engineering techniques to affect this age group of the Colombian population. Another important aspect is to determine if there are policies or campaigns on the part of the entities government agencies to mitigate and prevent the occurrence of incidents related or provoked. Thanks to real world examples of how citizens, entities governments and companies have been harmed and leads to identifying the problems and classify them as socioeconomic problems that can affect the families of people, work environments or companies in general. Therefore it is possible to implement basic concepts of social engineering and cybersecurity at the level education in order to reduce the gap between ignorance and fear.
  • Miniatura
    Ítem
    Diseño e implementación de la estrategia de concienciación digital de ciberseguridad en el área de ti para la compañía colombiana de comercio
    (Fundación Universitaria Los Libertadores. Sede Bogotá., ) Pérez Briñez, Mónica Patricia; Fernandez, Wilmar Jaimes
    Information is currently considered one of the most important assets in organizations, not only as a fundamental input for the processes, but as a resource that properly managed allows defining organizational strategies, which has not been in the public sector, especially in what has to do with their protection. Being considered the information as an asset of great value, the companies of the sector of technology have been giving relevance to its management and protection, contemplating the implications of not taking it into account. The project aims to know what impact designing and implementing a strategy of cyber digital awareness mediated by an E-Learning instrument, to strengthen the knowledge in Information Security in the employees of the IT area of ​​the Colombian company of Commerce; that allows to generate learning processes by through the development of theoretical activities - practices mediated by the DI methodology (Instructional Design) and the ADDIE model (analysis, design, development, implementation and evaluation) on Cybersecurity.