Dynamic Cybersecurity Model based on ISO standards for Higher Education Institutions in Colombia

Abstract

Introduction: This article is the result of a research process whose product was to generate a guide for Higher Education Institutions (in Spanish, IES) to adopt a Cybersecurity Model based on ISO standards (International Organization for Standardization). Problem: IES do not have a cybersecurity model aligned to the ISO / IEC 27032: 2012 standard (International Organization for Standardization / International Electrotechnical Commission), which causes a lack of clarity and uncertainty in the level of maturity and low efficiency in processes and information security controls to be implemented. Objective: Propose a dynamic model of cybersecurity based on ISO standards for IES. Methodology: The development of this work was oriented under a line of applied research, by virtue of the fact that it was necessary to address the problem based on previous knowledge that allowed supporting the theoretical contributions and the activities proposed to determine the possible causes of the problem and give it a possible solution. Results: The generation of this dynamic model allows it to be adapted to the different needs and requirements of IES. Conclusion: IES can implement a cybersecurity model to prevent and protect information at the cyberspace level. Originality: The work carried out generates a great contribution, which is the generation of a dynamic cybersecurity model, since at present there are no specific models for IES. Limitations: The model implementation guide is established in a general way to be applied later to an organization in any sector. Keywords: Dynamic Cybersecurity Model, Higher Education Institutions, ISO/IEC 27032: 2012, Security Standards.