In today's digital landscape, micro and small enterprises (MSEs) in Peru encounter increasing challenges in safeguarding their information against cyber threats. Despite their economic importance, these organizations often lack the necessary resources and infrastructure to implement robust cybersecurity systems, rendering them vulnerable to cyberattacks. To address this gap, we developed a web application based on ISO 27002 standards, specifically designed to assist MSEs in Lima, Peru, in conducting comprehensive cybersecurity assessments with expert guidance. The application, named AuditC, enables enterprises to identify risks, document vulnerabilities, and implement corrective actions. In a case study with Wonder Box Retail, an e-commerce MSE, AuditC successfully identified critical security gaps related to data management and endpoint protection. Under structured expert supervision, it is projected that 47% of corrective actions will be completed by the third month. Additionally, validation involving 10 IT and cybersecurity experts demonstrated high ratings for AuditC in terms of usability and practicality, along with a significant reduction in assessment time and improved compliance readiness. These findings highlight AuditC’s potential as an accessible and effective cybersecurity solution for MSEs with limited resources.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Web Audit Application Based on ISO 27002 to Evaluate Cybersecurity Systems in MSEs in Lima Metropolitana

  • Luis Chamorro,
  • Cesar Castillo,
  • Daniel Burga,
  • Carlos Tello Saenz

摘要

In today's digital landscape, micro and small enterprises (MSEs) in Peru encounter increasing challenges in safeguarding their information against cyber threats. Despite their economic importance, these organizations often lack the necessary resources and infrastructure to implement robust cybersecurity systems, rendering them vulnerable to cyberattacks. To address this gap, we developed a web application based on ISO 27002 standards, specifically designed to assist MSEs in Lima, Peru, in conducting comprehensive cybersecurity assessments with expert guidance. The application, named AuditC, enables enterprises to identify risks, document vulnerabilities, and implement corrective actions. In a case study with Wonder Box Retail, an e-commerce MSE, AuditC successfully identified critical security gaps related to data management and endpoint protection. Under structured expert supervision, it is projected that 47% of corrective actions will be completed by the third month. Additionally, validation involving 10 IT and cybersecurity experts demonstrated high ratings for AuditC in terms of usability and practicality, along with a significant reduction in assessment time and improved compliance readiness. These findings highlight AuditC’s potential as an accessible and effective cybersecurity solution for MSEs with limited resources.