**2. Security of the information**

Information security worldwide is considered the main fixed asset of a public or private organization. With the appropriate management of information, corruption in public-private organizations can be avoided, such as transfers of money without due authorization, terrorist attacks, information theft, manipulation of processes and legal reports, kidnappings, violations, accidents, prevention of natural disasters, etc.

### **2.1 Pillars of information security**

To carry out the analysis of information security, the current situation and the functions of the security pillars must be considered clearly: vulnerabilities, risks, threats, which will have a direct relationship with the identity, authenticity, authorization, and audit (IAAA), so that the information is with confidentiality, integrity, and availability (CIA).

The following is a structure for the security of information in public organizations of Ecuador, considering the pillars of security to mitigate the vulnerabilities, threats, and risks of information.

**Figure 1** shows that information systems have vulnerability, threats, and risk generation and have two layers of security that are covered first with the identity,

*Fault Detection, Diagnosis and Prognosis*

and the following was determined:

awareness in information security.

the lack of competent personnel.

almost 20% said they will have one by 2018.

7.The 36% did not have a disaster recovery plan.

Information Security Officer (Deloitte, 2017) [1].

"White Paper of the Information and Knowledge Society".

others, that can be saved, shared, socialized, etc.

confidentiality, integrity, and authenticity.

security.

multinational companies participated to improve information security management

1.Around 50% had some security breach, and of this, 20% could not determine the impact of this gap, since they did not have an incident management process.

2.Nearly 50% indicated that their main initiative for 2018 will be training and

3.More than 50% cited as one of their main difficulties the lack of budget, followed, very closely, by aspects such as the lack of visibility and influence and

5.The 20% were prepared to face security incidents, originated in social networks.

4.Around 75% did not measure the return on investments in information

6.The 60% did not have an SOC (Security Operation Center); meanwhile,

8.As a result of internal and external reviews of companies, user management remains the most shaky element in the management of CISOs (Chief

Among others defined by the CENDIA published in 2017 that is recorded in the

The implementation projects of the Information Security Management System ISO 27000 ensure all the information assets to have complete control of the organization according to what is stated in the book "Public Companies and Planning" [2]. The security of information is critical today in all public or private organizations; based on this reason, it is necessary that Latin and world universities generate specialized careers in the area of information security to provide qualified personnel considering that information security is a key aspect for the management of an organization [3]. With the foregoing, it is confirmed that public and private organizations in Ecuador and in a large part of the world have serious problems of information security. Information is considered as data, videos, sound, and documents, among

Therefore, mishandling of information can lead to failure of organizations; on the other hand, correct decisions can be made based on information that provides

In accordance with the current paradigms in information security and computer auditing, the following most relevant points to be considered by public organiza-

1.Change of information security culture in first level executives, so that they consider that information security is not a cost, but is an investment to guaran-

tee the mission, vision, and strategic objectives of an organization.

2.All persons working in public organizations, both the first authority and the lowest office, which may be the custodian or guard, are an important

tions to improve information security management were determined:

**146**

**Figure 1.** *Pillars of information security.*

authentication, authorization, and audit (IAAA) and the second with the confidentiality, integrity, and availability (CIA).
