*Fault Detection, Diagnosis and Prognosis*

*An Approach to Optimize the Management of Information Security in Public Organizations… DOI: http://dx.doi.org/10.5772/intechopen.88931*

authentication, authorization, and audit (IAAA) and the second with the confidentiality, integrity, and availability (CIA).

#### *2.1.1 Analysis of information security pillars*

Public organizations in Ecuador have vulnerabilities that generate threats and risks because they lack adequate procedures for user identity, authenticity, authorization, and audit (IAAA), which are needed so that information is delivered to internal and external users with confidentiality, integrity, and availability (CIA). The pillars of security are described below.

• Identity refers to the internal or external users who have access to information.

• Authentication corresponds to the identification of users for access through a technological or manual system.

• Authorization corresponds to the information to which a user who has been identified and authenticated is entitled.

• Audits are the processes and activities of the user that are recorded in a log to store their identity, authentication, and authorization, to be used at any time in processes of computer audits.

• Confidentiality of the information is the right that guarantees access only to personnel who have previously been authorized under their responsibility.

• Integrity of the information means that the information is not modified from the beginning of its generation until its final delivery to the authorized persons.

• Availability of information means that it can be used by users; depending on the technological infrastructure, the availability of information can be guaranteed.

**Figure 1.** *Pillars of information security.*

#### *2.1.2 Consequence due to the incorrect management of information security*

To solve the information security problems of vulnerabilities, risks, and threats, which are directly related to identity, authenticity, authorization, and audit (IAAA) and to the security triangle of confidentiality, integrity, and availability (CIA), one of the alternatives is to carry out the risk analysis; apply the Cobit 5.0 methodology references adapted to the public organization regarding information security ISO 27001; evaluate the degree of knowledge and implementation of information security management systems, based on the norm NCh-ISO 27001, ITIL, COSO; generate or adopt models and appropriate security technologies for each organization; apply immutable security algorithms; generate or adopt the organization's own methodologies for the change of computer culture; and make security plans, among others.

#### *2.1.3 Alternatives to solve information security problems*

To solve the problems of vulnerabilities, risks, and threats, which are directly related to identity, authenticity, authorization, and audit (IAAA) and to the security triangle of confidentiality, integrity, and availability (CIA), one of the alternatives is to: carry out the risk analysis; apply the Cobit 5.0 methodology references adapted to the public organization regarding information security ISO 27001; evaluate the degree of knowledge and implementation of information security management systems, based on the norm NCh-ISO 27001, ITIL, COSO; generate or adopt models and appropriate security technologies for each organization; apply immutable security algorithms; generate or adopt the organization's own methodologies for the change of computer culture; and make security plans, among others.

Other similar projects can also be taken as a reference, such as the one applied in a health institution in Chile [6].

### **3. Related investigations**

#### **3.1 Publications related to the research topic**

Below is a list of the articles published in different conferences and scientific journals directly related to the public organizations of Ecuador, in the area of information and communications technologies (ICT) and information security.

Indicator Model for measuring the Alignment between Institutional Strategies and ICT Strategies for a Public Sector Company [7], Las TIC en el Ecuador [8], Tecnologías de Información y Comunicación Impactan la Optimización de los Procesos para el Desarrollo Local [9], Analysis to define management of identities access control of security processes for the registration civil from Ecuador [10], security analysis of civil registry database of Ecuador [11], an approach to information security by applying a conceptual model of identities in smart cities projects [12], adequate security protocols adopt in a conceptual model in identity management for the civil registry of Ecuador [13], analysis of model Clark Wilson to adopt to the database of the civil registry of Ecuador [14], mitigating the security of the database by applying a conceptual model of integrity for the civil registry of Ecuador [15], a security algorithms approach to apply to the civil registry database of the Ecuador [16], conceptual model for identity management to mitigate the database security of the registry civil of Ecuador [17], adoption of the Hash algorithm in a conceptual model for the civil registry of Ecuador [18], an approach of efficient security algorithms for distribute architectures [19], biometric systems approach applied to a conceptual model to mitigate the integrity of the information [20], algorithms for efficient biometric systems to mitigate the integrity of a distributed database [21], analysis of efficient processes for optimization in a distributed database [22], analysis of HIPAA for adopt in the information security in the civil registry of the Ecuador [23], a blockchain approach to mitigate information security in a public organization for Ecuador [24], analysis of the appropriate security models to apply in a distributed architecture [25], optimization of an electronic signature scheme in a voting system in a distributed architecture [26], ensuring the blind signature for the electoral system in a distributed environment [27], analysis cryptographic for electronic votes in systems of distributed architectures [28], an approach to the efficient security algorithms used in voting scanning in an electoral process [29], a homomorphic encryption approach in a voting system in a distributed architecture [30], analysis of security algorithms for a distributed database [31], a Hyperledger scheme for the deployment of smart contracts in a public organization of Ecuador [32], analysis of adequate bandwidths to guarantee an electoral process in Ecuador [33], appropriate security protocols to mitigate the risks in electronic money management [34], cryptographic algorithms to mitigate the risks of database in the management of a smart city [35], impact on the information security management due to the use of social networks in a public organization in Ecuador [36], an information security approach in the armed forces of Ecuador [37].
