Evaluation of the information technology security of the GAD municipal de Esmeraldas based on internal control standards.
DOI:
https://doi.org/10.56294/dm2025185
Keywords:
ISO27001:2022, IT risk, internal control standard 410, security policies
Abstract
This research focuses on an audit of information technology security, compliance with current legal regulations, Internal Control Standard (ICS) 410, and the need to constantly evaluate the control environment of a municipality. The research was of a mixed type, bibliographic-descriptive: bibliographic for the elaboration of the frame of reference, collecting existing information from similar research, articles, and regulations; descriptive to collect, analyze and present the information obtained, both through the techniques used in the field work (survey, interview, and observation) and through the application of analytical, deductive and inductive methods, which provided a more complete view of the problem. The presentation and discussion of the results gave an analytical and refined exposition of the main findings, evidencing the level of IT risk and the low level of compliance with internal control standards, both those promulgated by the Comptroller General of the State and those established by ISO27001:2022. Because the mechanisms implemented had little effect on the security of IT assets and the existing technological infrastructure, the final report included, in addition to the conclusions, recommendations and corrective actions that the institution should incorporate to formalize and strengthen its information security management system, through an improvement plan that involves the implementation of institutional security policies.
License
Copyright (c) 2025 David Leonardo Rodríguez Portes, Mario Bernabé Ron Egas, Daisy Elizabeth Imbaquingo Esparza (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.
The article is distributed under the Creative Commons Attribution 4.0 License. Unless otherwise stated, associated published material is distributed under the same licence.