**6. Proposals to improve information security**

After having analyzed all the published articles [5–31] that are directly related to this chapter of the book, the following activities to improve the management of information security are proposed to be carried out.

#### **6.1 Improve administrative processes**

In administrative processes, it is important that planning bodies modify the functional structural organization of public organizations, considering the good practices of Cobit 5.0. In the organic structure, the general manager (CEO) and the information and communications technologies (ICT) manager (CIO) must be at the same level.

**Figure 2** shows a generic organization chart suitable for public organizations, in which the manager/coordinator/director of information and communications technologies (ICT) can govern the organization to comply with the recommendations of Cobit 5.0.

**Figure 2.** *Generic structural organization chart of a public organization.*

#### *6.1.1 Change of culture in information and communications technologies (ICT)*

To change the information and communications technologies (ICT) culture, a training plan with an appropriate methodology is required at all levels (operational, tactical, and strategic), especially at the strategic level so that they are clear. For an organization to be competitive and the management of information security to improve, information and communications technologies (ICT) must govern public organizations.

This change of culture among high-level officials of public organizations is necessary, considering that 95% of the authorities of public organizations defined by information and communications technologies (ICT) at the operational level are convinced that they are simply a support for the management of the organization [7].

#### *6.1.2 Processes and activities that should be considered*

This activity can be carried out using different types of indicators in the information and communications technologies (ICT) area; in this case, the following indicators are used as an alternative: Degree of Utilization, Degree of Support for the Process, Degree of Use, Degree of Online Support, Degree of Scope, Degree of Coverage, Degree of Operational Support, Degree of Management Support, and Degree of Support Corporate. This makes it possible to determine the current situation of the organization in all areas. With this information, it is more feasible to identify the information security situation to improve its management [7].

Another way to identify the current situation of information security is to ask the following frequently asked questions:

**Figure 3.** *Frequently asked questions on information security.*

In **Figure 3**, the frequent questions are asked so that during this process the entry of the information is determined, and also the output of the information, with identity, authenticity, authorization and audit (IAAA) and confidentiality, integrity and availability (CIA).

#### *6.1.3 Phases that must be considered to improve the security of information*

Consider the results obtained in the different articles published on the public organizations of Ecuador as an alternative, with the objective of improving the security of information [7–33].

1. Adopt or generate a training plan with appropriate methodology for the public organization for the change of computer culture at the operational, tactical, and strategic levels.

2. Perform the analysis and define the organizational structure of the organization considering the Cobit 5.0 methodology as a reference, where the general manager (CEO) and the manager/coordinator/director of information and communications technologies (ICT) equivalent to chief information officer (CIO) have the same level of authority and the CIO is the one who governs the organization.

3. Carry out the analysis to define the vulnerabilities, risks, and threats that are generated.

4. Define the structure for the execution of the project: general coordinator, specialist in information security, process specialist, administrator of information and communications technologies (ICT) infrastructures, etc., all with academic training in the area of knowledge at all levels (engineering, master's, and, if the case warrants, doctorate), fulfilling the standards of the SENESCYT and UNESCO. Also have a referential budget.

5. Consider the application of ISO 27001:2013 regarding the certification process by FIRST (International Incident Management Community, CSIRTS, and CERTS).

6. Take into account the good practices of the Cobit 5.0, ITIL, and COSO methodologies to integrate information security management in a globalized manner.

*An Approach to Optimize the Management of Information Security in Public Organizations… DOI: http://dx.doi.org/10.5772/intechopen.88931*


*Fault Detection, Diagnosis and Prognosis*

