Policies based on ISO 27001: 2013 and its influence on information security management in municipalities of Peru

Information security management within an organization must be a well-defined process, as it involves a huge effort from users, area managers and other servers to know how to respond to suspicious events and how to manage identified vulnerabilities. The objective of this research was to improve information security management in a Peruvian district municipality, through the implementation of a policy model under ISO 27001: 2013. For this, a preexperimental investigation was carried out with a sample of 30 workers, to whom a questionnaire was applied to measure the degree of satisfaction with the implanted model. On average, more than 90 % of those surveyed recognized improvements in the municipality, marking a great difference between the pre and postest, from 49 % to 96 %. It is concluded that the security policy model, based on three fundamental pillars: confidentiality, integrity, and availability, improved information security management, guaranteeing adequate data protection.