Framework for the optimal design of an information system to diagnostic the enterprise security level and management the information risk based on ISO/IEC-27001


Abstract

This paper presents the framework for the optimized development of a digital platform based on ISO/IEC-27001, with the objective of making an initial diagnosis of the informatics security level in any company. In addition, the optimization process considers that the diagnostic results should be clear and direct, to make fast security risk mitigation possible. In particular, the optimization process is based on the analysis of a conventional Management Information System framework in order to propose a novel customized framework for ISO/IEC-27001 applications. Thus, an optimized Management Information System is proposed, which is the basis of the optimized digital platform. As preliminary results, reducing the elements needed for the initial informatics security diagnosis promotes the simplicity of the application and thus increases the possibility of applying ISO/IEC-27001 to a greater number of users, which means that cybersecurity is promoted.


Kanter-Ramirez, C. A., Lopez-Leyva, J. A., Beltran-Rocha, L., & Ferková, D. (2020). Framework for the optimal design of an information system to diagnostic the enterprise security level and management the information risk based on ISO/IEC-27001. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 325 LNICST, pp. 3–13). Springer. https://doi.org/10.1007/978-3-030-52856-0_1
