Construcción de directrices para el cumplimiento normativo en infraestructuras críticas de tecnologías de la información para instancias educativas autónomas
Article Sidebar
Main Article Content
Abstract
The growing demand for network services has raised their importance because they support organizations key processes, which creates the need for a reliable future perspective for the contracting and renewing internet services. This scenario, and the emergence of different models for data study and forecasting that allow the analysis of future behavior using information with time series data, has favored the implementation of strategies that deliver results in less time. Following the model of continuous improvement and good practices in information technologies services, the Departamento de Monitoreo de la Red, known as NOC RedUNAM, proposed the analysis of behavior of the collected data regarding the bandwidth consumption of internet links that integrate RedUNAM, which exhibit time series characteristics. With the aim of obtaining reliable information about future expected internet service consumption, different analysis algorithms that consider the conditions that affect the demand of services in the Universidad Nacional Autónoma de México (schedules, extraordinary events, school periods, among others) were tested. Based on this need, the algorithm that best accepted the influence of changes in data links daily behavior was selected. In the first analyses, the clarity of the data was considered (elimination of null data, traffic peaks considered anomalous, among others) and linear forecasts of future demand were generated. The results reflected a loss of information due to the filtering. Consequently, the analysis was focused on algorithms that gave major importance to the variables considered relevant for the demand of network links forecast, as well as the network operation general behavior. For this exercise, simple regression models, integrated moving averages and other techniques were tested, concluding with the selection of an algorithm that offered a margin of reliability, allowing the forecast to be considered acceptable for the conditions of the collected network data.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Este trabajo tiene la licencia CC BY-NC-ND 4.0
References
Angraini, R., Alias, R. A., & Okfalisa. (2019). Information security policy compliance: Systematic literature review. Procedia Computer Science, 161, 1216–1224. https://doi.org/10.1016/j.procs.2019.11.235 DOI: https://doi.org/10.1016/j.procs.2019.11.235
Bejarano, F., & Martín, J. L. (2021). La ciberseguridad no es un problema de TI, nunca lo fue. Harvard Deusto Management & Innovation, (39). https://www.harvard-deusto.com/la-ciberseguridad-no-es-un-problema-de-ti-nunca-lo-fue
Benavides, L. M. C., Tamayo Arias, J. A., Arango Serna, M. D., Branch Bedoya, J. W., & Burgos, D. (2020). Digital transformation in higher education institutions: A systematic literature review. Sensors, 20(11), 3291. https://doi.org/10.3390/s20113291 DOI: https://doi.org/10.3390/s20113291
Center for Internet Security. (2023). CIS Critical Security Controls Version 8.1. https://www.cisecurity.org/controls/v8-1csf.tools+2
Cordero Guzmán, D., & Bribiesca Correa, G. (2018). Model for information technology governance (GTI) in a university environment. Computación y Sistemas, 22(4), 1503–1518. https://doi.org/10.13053/cys-22-4-2797 DOI: https://doi.org/10.13053/cys-22-4-2797
CSRC Content Editor. (n.d.-c). Asset – Glossary. National Institute of Standards and Technology. https://csrc.nist.gov/glossary/term/asset
CSRC Content Editor. (n.d.-c). Defense-in-depth – Glossary. National Institute of Standards and Technology. https://csrc.nist.gov/glossary/term/defense_in_depth
Dirección General de Cómputo y de Tecnologías de Información y Comunicación. (2023). Directrices generales en torno a la seguridad de la información que obra en los sistemas informáticos de la UNAM. Universidad Nacional Autónoma de México. https://www.red-tic.unam.mx/directrices-seguridad-informacion
Dunsin, D. (2024). Evaluating cybersecurity frameworks for protecting consumer IoT devices from emerging phishing and ransomware threats. Journal of Cybersecurity and Privacy, 3(4), 327–350. https://doi.org/10.3390/jcp3040017
Franco Reboreda, C. (2024). Gobierno de las Tecnologías de Información. En J.L. Ponce-López, L.M. Castañeda-De León y H. Valles-Baca (Coords.), Estado actual de las tecnologías de la información y las comunicaciones en las instituciones de educación superior en México. Estudio 2024. México: Asociación Nacional de Universidades e Instituciones de Educación Superior.
International Organization for Standardization & International Electrotechnical Commission. (2013). ISO/IEC 27001:2013 – Information security, cybersecurity and privacy protection – Information security management systems – Requirements.
International Organization for Standardization & International Electrotechnical Commission. (2016). ISO/IEC 27004:2016 – Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluationls. https://www.iso.org/standard/64120.html
Jorm, A. (2025). Specifying “Experts” and “Consensus”. In: Expert Consensus in Science. Palgrave Macmillan, Singapore. https://doi.org/10.1007/978-981-97-9222-1_7 DOI: https://doi.org/10.1007/978-981-97-9222-1_7
Kure, H.I., Islam, S. & Mouratidis, H. (2022). An integrated cyber security risk management framework and risk predication for critical infrastructure protection. Neural Comput & Applic. 34 (15241). https://doi.org/10.1007/s00521-022-06959-2 DOI: https://doi.org/10.1007/s00521-022-06959-2
Melaku, H. M. (2023). A dynamic and adaptive cybersecurity governance framework. Journal of Cybersecurity and Privacy, 3(3), 327–350. https://doi.org/10.3390/jcp3030017 DOI: https://doi.org/10.3390/jcp3030017
National Institute of Standards and Technology. (2020). Security and Privacy Controls for Information Systems and Organizations (NIST Special Publication 800-53 Revision 5). https://doi.org/10.6028/NIST.SP.800-53r5 DOI: https://doi.org/10.6028/NIST.SP.800-53r5
National Institute of Standards and Technology. (2024). Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication 800-171 Revision 3). https://csrc.nist.gov/pubs/sp/800/171/r3/final
National Institute of Standards and Technology. (2024). The NIST Cybersecurity Framework (CSF) 2.0 (NIST Cybersecurity White Paper No. 29). https://doi.org/10.6028/NIST.CSWP.29 DOI: https://doi.org/10.6028/NIST.CSWP.29
Subsecretaría de la Función Pública. (2011). Guía para emitir documentos normativos. Secretaría de la Función Pública. https://www.gob.mx/cms/uploads/attachment/file/914320/guia-emitir-documentos-normativos-sfp-07052024.pdf
Sullivan, G. (2022). Law, technology and data-driven security: Infra-legalities as method assemblage. Journal of Law and Society, 49(S1), 31–50. https://doi.org/10.1111/jols.12352 DOI: https://doi.org/10.1111/jols.12352
Taherdoost, H. (2022). Understanding cybersecurity frameworks and information security standards—A review and comprehensive overview. Electronics, 11(14), 2181. https://doi.org/10.3390/electronics11142181 DOI: https://doi.org/10.3390/electronics11142181
Zhong, X., Vatanasakdakul, S., & Aoun, C. (2012). It Governance In China: Cultral Fit And It Governance Capabilities. PACIS 2012 Proceedings. (55). https://aisel.aisnet.org/pacis2012/55