Risk Management Policies and Procedures to procure secure COTS software in Ecuadorean Government organisations


Authors
Anchundia Ruíz, Mercy Denisse
Format
MasterThesis
Status
publishedVersion
Description

The dissertation project described in this document is intended to help Ecuadorean Government organisations bring the demand for secure software into the procurement process, including supplier and product selection and contract negotiation. Ecuadorean government regulations impose the use of open source software unless it affects national security, in which case proprietary software is used; but they give no prior instruction on how to select such software securely, and they do not proactively support compliance with a law that imposes implementation of the ISO/IEC 27002 security controls as part of the government's cybersecurity strategy. To fill the gap between regulations and software security in this context, the solution proposed in this project provides general guidelines (policies) and a methodology (procedures) that include security baselines and cybersecurity-related contract language for risk management in Commercial Off-The-Shelf (COTS) software procurement, treating the risks of both the software and its supplier. The approach used to develop this solution applies ISO/IEC 27005 (Information Security Risk Management) to a generic software procurement process, yielding a Secure Commercial Off-The-Shelf Software Procurement Process (SCSPP) for Ecuadorean government organisations that are not part of military or intelligence departments. A realistic scenario is presented as part of the process's records to illustrate how to apply this solution in the current situation of those institutions.

Publication Year
2016
Language
eng
Topic
SOFTWARE PROCUREMENT
ECUADOREAN GOVERNMENT
SUPPLIER RISKS
COTS SOFTWARE SECURITY
Repository
Repositorio SENESCYT
Get full text
http://repositorio.educacionsuperior.gob.ec/handle/28000/4195
Rights
openAccess
License
openAccess