Implementation of IT Security and Risk Management Process for an Academic Platform

Nowadays, technological risks and information security are important processes of management and administration for public and private institutions. This is due to the obliquity of technology in the development of business processes, and its level of impact on organizational goals and objectives. This work implements a process for identifying, measuring, controlling and monitoring the IT risks that would allow the prevention and reduction of the losses due to the materialization of these types of risks in a Higher Education Institution. The risks analysis was applied to the information assets associated to two institutional critical processes that could cause material, financial, operational and image damages. In general, the results allowed to identify the high, medium and low level risk. Also, it was presented an action plan that included mitigation control to counteract the effects of identified risks, as well as its probability of occurrence, an estimated budget, and feasibility the analysis of implementing these countermeasures.