Modelo de madurez de cultura organizacional de ciberseguridad para el sector financiero basado en buenas prácticas

In search of competitiveness and the delivery of value for stakeholders, organizations not only develop a social purpose, generate benefits and optimize resources, but also manage their risks, including cyber, where organizations have been threatened due to the challenge of maintaining technical and management controls for their treatment. Under this scenario, they must not only cover technologies but also people as an integral part of the computer environment to be protected; For this reason, they must promote a culture of cybersecurity that contributes to risk mitigation and continuous improvement. The proposed model adopts a methodology that takes into account the selection of a set of factors that affect the cybersecurity culture of an organization, measures these factors from an assessment method that considers a series of attributes (indicators), and whose qualifications lead to the determination of a level of maturity. Tales situaciones revelan la importancia que tiene la ciberseguridad para el sector financiero, Sin embargo, (Tarafdar et al., 2014) indican que múltiples estudios demuestran que las fallas de seguridad de mayor alcance y gravedad no se deben a explotación de vulnerabilidades técnicas en la infraestructura tecnológica si no a conductas inadecuadas causadas por la falta de conciencia de los empleados que manejan la información Por lo tanto, existe la necesidad de que las compañías financieras implementen estrategias efectivas de concientización y generación de cultura organizaciona! en seguridad de la información y ciberseguridad.