Implementation of Information Security Audit for the Sales System in a Peruvian Company

Abstract

Technology has been updated over the last few years, and this has been generating a worldwide impact as currently, in this pandemic, several companies have been victims of information theft through hacks, as some companies do not have audits so that they can protect their information. The management of computer security audits in companies is very important to detect possible risks and manage business control by applying continuity management in each disaster. The article's main objective is to implement an audit plan and information security through ISO 27001 for a sales system to improve computer security. The literature review is on the definition of several processes that are part of our implementation development. Our methodology employed five stages of project management (Start, Planning, Execution, Monitoring and control, and closure), explaining the procedure and definition of each stage. The case study is the development of each stage that identifies the risks and obtains a solution to any threat. The results are the treatments of the risks carried out in the company, explaining the compliance with the clause and controls of ISO 27001 in the company. Finally, the analysis of the indicators of each policy of the company to know the improvement the company Domingez.