**Abstract**

The problems of information security in public organizations in Ecuador are evident, which, as a result, have led to corruptions that are present at all levels of operational, tactical and strategic management. The objective of this chapter is to analyze the available information found in different media, written, spoken, among others. The deductive method was used for the collection of information and observation techniques. It turned out the improve in the administrative processes, prototype diagram of sequence of access of users and services, prototype of integration of technologies of security of the information for public organizations of Ecuador. It was concluded that to avoid corruption in a country change should happen at all levels: the way of thinking and culture of the inhabitants, laws, penalties to politicians without parliamentary immunity, application of information and communications technologies (ICT) in an appropriate manner, and complying with international standards in information security. To improve information security, administrative policies on information security must be changed, and technologies related to immutable security algorithms, Ledger, Hyperledger, etc., must be used.

**Keywords:** information security, information security management, database security, public organizations of Ecuador, security models, cryptography

### **1. Introduction**

Public organizations in Ecuador have problems in the management of Information Security. The "Ministry of Telecommunications and the Information Society" ratify that information security problems persist. According to the publication of the "White Book of the Information and Knowledge Society", it turned out that only 8% comply with the Security Policies, and those responsible for information security that are part of IT have 51% and that are part of Contingency Plan only have 16%, among other security indicators [1].

The company Deloitte conducted a study in 2017 concerning the problem of information security, and the results were published by the "White Paper on the Information and Knowledge Society," in which more than 50 national and

**144**

*Fault Detection, Diagnosis and Prognosis*

0166-3615

**References**

pp. 134-139

[1] Selak L, Butala P, Sluga A. Condition monitoring and fault diagnostics for hydropower plants. Computers in Industry. 2014;**65**(6):924-936. ISSN

[9] Ding SX. Model-Based Fault Diagnosis Techniques. Berlin, Heidelberg: Springer-Verlag; 2009. eBook ISBN: 978-3-540-76304-8; DOI:

10.1007/978-3-540-76304-8

[10] Helio PA Jr, Levy AFS,

Brasil. 2009

São Paulo. 2010

2011. pp. 1-6

Parciais em Máquinas Elétricas Rotativas. In: XX SNPTEE, Recife,

[12] Piirainen J. Applications of

[14] Wenye W, Zhuo L. Cyber security in the smart Grid: Survey and challenges. Computer Networks.

[15] Guimaraes PHV, Murilo A,

Confiabilidade, Segurança e Escalabilidade. In: Minicursos do Simpósio brasileiro de redes de computadores—SBRC-2013, Brasília,

DF, Brazil. 2013. pp. 101-164

Andreoni M, Mattos DMF, Ferraz LHG, Pinto FAV, et al. Comunicação em redes elétricas inteligentes: Eficiência,

2013;**57**(5):1344-1371

Carvalho AT. Estudo sobre a Influência dos Acopladores Capacitivos na Sensibilidade da Medição de Descargas

[11] Omori J. O projeto de Smart Grid da COPEL. In: Smart Grid Brazil Forum,

horizontal communication in industrial power stations [Master in science thesis]. Tampere University; 2010

[13] Xin Y, Baldine I, Chase J, Beyene T, Parkhurst B, Chakrabortty A. Virtual smart grid architecture and control framework. In: IEEE Conference Publications (SmartGridComm). IEEE;

[2] Perez GA, Nelson K. Integration of distributed generation in power distribution networks and its structure as an intelligent generation system. In: 2015 IEEE PES Innovative Smart Grid Technologies Latin America (ISGT LATAM). Montevideo, Uruguai.

[3] Working Group A1.11. Guide for On-Line Monitoring of Turbogenerators. CIGRE; 2010

[4] Working Group A1.10. Survey of Hidrogenerator Failures. CIGRE; 2009

[5] Wenye W, Yi X, Mohit K. A survey on the communication architectures in smart grid. Computer Networks.

[6] Wei D, Lu Y, Jafari M, Skare P, Rhode K. An integrated security system of protecting Smart Grid against cyber attacks. Innovative Smart Grid Technologies (ISGT). United States, Gaithersburg, MD; 2010:1-7. Available from: https://doi.org/10.1109/ ISGT.2010.5434767. INSPEC Accession

[7] Xiang L, Wenye W, Jianfeng M. An empirical study of communication infrastructures towards the smart grid: Design, Implementation and evaluation. IEEE Transactions on Smart Grid.

[8] Isermann R. Fault Diagnosis Systems—An Introduction from Fault Detection to Fault Tolerance. Berlin, Heidelberg, New York: Springer; 2009. ISBN-10 3-540-24112-4. ISBN-13 978-3-540-24112-6. Library of Congress

Control Number: 2005932861

2011;**55**(15):3604-3620

Number: 11205470

2013;**4**(1):170-183

multinational companies participated to improve information security management and the following was determined:


Among others defined by the CENDIA published in 2017 that is recorded in the "White Paper of the Information and Knowledge Society".

The implementation projects of the Information Security Management System ISO 27000 ensure all the information assets to have complete control of the organization according to what is stated in the book "Public Companies and Planning" [2].

The security of information is critical today in all public or private organizations; based on this reason, it is necessary that Latin and world universities generate specialized careers in the area of information security to provide qualified personnel considering that information security is a key aspect for the management of an organization [3].

With the foregoing, it is confirmed that public and private organizations in Ecuador and in a large part of the world have serious problems of information security. Information is considered as data, videos, sound, and documents, among others, that can be saved, shared, socialized, etc.

Therefore, mishandling of information can lead to failure of organizations; on the other hand, correct decisions can be made based on information that provides confidentiality, integrity, and authenticity.

In accordance with the current paradigms in information security and computer auditing, the following most relevant points to be considered by public organizations to improve information security management were determined:

1.Change of information security culture in first level executives, so that they consider that information security is not a cost, but is an investment to guarantee the mission, vision, and strategic objectives of an organization.

**147**

*An Approach to Optimize the Management of Information Security in Public Organizations…*

3.The structural and functional organizations currently available to public organizations do not allow information and communications technologies (ICT) coordinators/directors/managers to govern the organization.

4.The lack of planning and control in a globalized way for the generation of security plans, contingency, backup, and protection against natural disasters, etc., causes vulnerabilities, risks, and threats in the security of information in

5.Adequate security models and technologies are required for each public organi-

6.There should be qualified personnel with experience with an average 10 years in the area of information security and with academic training at all levels (Engineering, Master's, and Doctorate) in the same area of knowledge in accordance with the provisions of UNESCO, SENESCYT, CES (title nomencla-

7.The World Bank determines that one of the main causes for corruption in Latin America and the Caribbean is that there is no adequate management of Information and Communications Technologies (ICT) in the area of Information Security, and proposes to use it as technologies' alternative such as blockchain, Ledger, and Hyperledger. It also clarifies that as long as there is direct human intervention in the processes and no adequate technologies are used, there will be a greater probability of corruption and the only ones who pay for this incorrect management will be the low-income inhabitants [5].

Information security worldwide is considered the main fixed asset of a public or private organization. With the appropriate management of information, corruption in public-private organizations can be avoided, such as transfers of money without due authorization, terrorist attacks, information theft, manipulation of processes and legal reports, kidnappings, violations, accidents, prevention of natural disasters, etc.

To carry out the analysis of information security, the current situation and the functions of the security pillars must be considered clearly: vulnerabilities, risks, threats, which will have a direct relationship with the identity, authenticity, authorization, and audit (IAAA), so that the information is with confidentiality, integrity,

The following is a structure for the security of information in public organizations of Ecuador, considering the pillars of security to mitigate the vulnerabilities,

**Figure 1** shows that information systems have vulnerability, threats, and risk generation and have two layers of security that are covered first with the identity,

zation considering the mission, vision, and strategic objectives.

and responsible party in order to maintain the integrity of the information. One of the main errors in the management of information security in public companies is that we are convinced that only those who handle information or

*DOI: http://dx.doi.org/10.5772/intechopen.88931*

strategic managers are responsible.

the organization.

ture) [4].

**2. Security of the information**

**2.1 Pillars of information security**

threats, and risks of information.

and availability (CIA).

2.All persons working in public organizations, both the first authority and the lowest office, which may be the custodian or guard, are an important and responsible party in order to maintain the integrity of the information. One of the main errors in the management of information security in public companies is that we are convinced that only those who handle information or strategic managers are responsible.

