AUTOMATION OF AN INFORMATION SECURITY MANAGEMENT SYSTEM BASED ON THE ISO/IEC 27001 STANDARD

The present work aims to describe the requirements for the implementation and the necessary documentation of an Information Security Management System (ISMS). Automation consists of the availability of a template with internal control questions focused on the 3 pillars of information se-curity (confidentiality, integrity, availability) that allows a "Gap-Analysis" to be carried out to meas-ure the level of current maturity with respect to the requirements of the international standard ISO / IEC 27001: 2013, with a radar diagram and thus establish an ISMS or carry out the ISO 27001 certification process that guarantees to minimize risk and protect information on computers or in interconnected systems, since it is one of the most important assets of organizations, ensuring the confidentiality and integrity of the data and information of certain critical or sensitive processes, whose loss, leakage or unavailability of information puts problems in the organization.