Hacia un marco holístico de Ciberseguridad para e-Gobiernos según Análisis Sistemático de Propuestas existentes
Marco holístico de Ciberseguridad para e-Gobiernos
Abstract
For government agencies, managing information security means an implicit commitment that they maintain with the information society. Society assumes that the data that is its property and that is of interest to the State, so that it can carry out its functions, is managed securely. However, managing information security in this organizations kind is a challenge that differs to a great extent from those that arise when we find ourselves in the context of a private sector organization. A government can be idealized as a large company made up of a series of business areas represented by their public bodies, where each one of them captures information from citizens related to their business interests, processes it, and shares it with their peers. , and make information available to society that feeds back into the life cycle of their processes. In this context, the security of all this information is as robust as the weakest in the entire process chain. Various factors converge in this scenario: different services and technological infrastructures with their inherent threats, different applicable regulatory frameworks, different degrees of maturity in terms of security culture, etc., with which, knowing the general degree of security for a Government is impossible if there is not an information security management model that cross-cuts all the organizations that comprise it. In this work, based on a systematic review of existing contributions related to e-Government Cybersecurity, it's proposed to model a secure ecosystem for government agencies, which uses regulatory compliance, risk management, and a secure data exchange framework as transversal axes. , that is capable of guaranteeing an adequate level of information security in a holistic way.