Abstract :
The main function of the financial institution is to offer its services for the placement of cards, loans, etc., to the clients who request it in its different establishments. Given this, it was identified that there are activities in the bank that are generating mishandling of information by staff towards customers, which is causing claims from them due to inconsistency of the data that results in the disaffiliation of their services. For this reason, a proposal for an information security plan was developed in the processes and areas of Ripley bank, with the objective of increasing the reliability of its data, achieving the three principles for an ISMS such as availability, integrity and confidentiality. . To achieve this objective, the ISO / IEC 27001 and 27002 standards were selected to apply the controls of the information security plan proposal in the Ripley bank, being clearly established those responsible and the information that is handled in each of the processes and areas. As a result, the scope of the plan was carried out, as well as defining the policies, risk management analysis, priority was given to the management of information by areas, in addition, the bank's assets were analyzed where the reliability of the data is guaranteed, then the defined the plan applying the controls of ISO / IEC 27002. It was concluded to define the indicators to evaluate the information security plan proposal to increase the reliability of its data.
Keyword :
Data, Management, Information, ISO/IEC 27002, Plan, SGSI