Could an ISMS Model (ISO/IEC 27001:2013 Standard) Implementation Really Protect Public Data?

This paper aims to present the experience on the design and implementation of an Information Security Management System (ISMS) model given under the international standard ISO/IEC 27001:2013 for the security of public data. To do this, the model taken as a reference is the one implemented by the Property Registry of the Pedro Moncayo Canton (PRPMC), Pichincha Province, Ecuador which due to its operability in the management of public data, brought about the achievement of said ISO international seal on Information Security and therefore became a benchmark for good practices in Ecuador at a national level. A quantitative methodology was used to analyze the design of the ISMS adopted by the PRPMC, under the international standard ISO/IEC 27001:2013 with the integration of some national regulations issued by the different competent control bodies. When a model is implemented, it can be considered that it indisputably ensures public data at a good level and allows us to be prepared through a contingency plan in the face of any adversity that implies damage or loss of physical or digital information and therefore be able to continue operating. In the same way, through the Gray Box-type ethical hacking reports, the evolution of the security and vulnerabilities of public data allocated at servers and in the cloud is shown. In the Property Registry case, the object of this study, it can be determined that said institution has reached a high standard of security of public data that guarantees reliability and trust of the procedures and contracts registered by the owners of any type of property in the canton. As a conclusion then it is recommended to take the protection of personal information of citizens as an obligation of the Ecuadorian State. This can be done through the updating of regulations so that the entities that handle public data are forced to implement information security based on these international standards.