Reestructuración del proceso de control de cambios de software para una institución de educación superior
| dc.contributor.advisor | Díaz García, Javier Leonardo | |
| dc.contributor.author | Pinzón López, Leslie Milady | |
| dc.contributor.author | García Rodríguez, Juan Camilo | |
| dc.date.accessioned | 2024-07-18T21:14:02Z | |
| dc.date.available | 2024-07-18T21:14:02Z | |
| dc.date.issued | 2024-06 | |
| dc.description.abstract | Los cambios y las nuevas implementaciones en el desarrollo de software en una institución de educación son necesarios por múltiples razones, entre ellos está la mejora continua, mantener a los usuarios satisfechos, hacer correcciones de seguridad y mantener un entorno que soporte la innovación continúa. Siendo esto un factor tan relevante, se debe tener un proceso establecido que permita la eficiencia a la hora de hacer cambios e implementaciones en lo referido al desarrollo de software, evitando así incidentes de seguridad futuros, como la indisponibilidad y errores en los códigos que puedan abrir puertas a los atacantes. Debido a que el proceso actual de control de cambios tiene algunas falencias detectadas, se propone un nuevo proceso de control de cambios para el desarrollo de software en la universidad que facilite la gestión y disminuya los incidentes de seguridad a la hora de implementar estos cambios, así como establecer los criterios mínimos para la aceptación y documentación de estos. | |
| dc.description.abstractenglish | Changes and new implementations in software development within an educational institution are necessary for many reasons, including continuous improvement, keeping users satisfied, making security corrections, and bringing up the environment for proper and continuous innovation. Given the importance of this factor, it is necessary to have an established process that allows efficiency when making changes and implementations in software development, thus avoiding security incidents such as unavailability and errors in the code that could open doors to attackers. Since the current change control process has some identified shortcomings, a new change control process is proposed for software development at the university to facilitate management and reduce security incidents when implementing these changes, as well as establishing minimum criteria for their acceptance and documentation. | |
| dc.description.degreelevel | Especialización | spa |
| dc.description.degreename | Especialista en Seguridad de Redes Telemáticas | spa |
| dc.format.mimetype | application/pdf | |
| dc.identifier.instname | instname:Universidad El Bosque | spa |
| dc.identifier.reponame | reponame:Repositorio Institucional Universidad El Bosque | spa |
| dc.identifier.repourl | repourl:https://repositorio.unbosque.edu.co | |
| dc.identifier.uri | https://hdl.handle.net/20.500.12495/12693 | |
| dc.language.iso | es | |
| dc.publisher.faculty | Facultad de Ingeniería | spa |
| dc.publisher.grantor | Universidad El Bosque | spa |
| dc.publisher.program | Especialización en Seguridad de Redes Telemáticas | spa |
| dc.relation.references | AWS Cloud9. (n.d.). Lenguajes compatibles en el entorno de desarrollo integrado (IDE) de AWS Cloud9 - AWS Cloud9. Retrieved April 22, 2024, from https://docs.aws.amazon.com/es_es/cloud9/latest/user-guide/language-support.html | |
| dc.relation.references | AWS CloudTrail (Guía del usuario). (n.d.). ¿Qué es AWS CloudTrail? - AWS CloudTrail. Retrieved April 22, 2024, from https://docs.aws.amazon.com/es_es/awscloudtrail/latest/userguide/cloudtrail-user-guide.html | |
| dc.relation.references | awslabs/automated-security-helper. (n.d.). GitHub. Retrieved April 22, 2024, from https://github.com/awslabs/automated-security-helper | |
| dc.relation.references | Características de AWS CodeCommit | Amazon Web Services. (n.d.). Amazon AWS. Retrieved April 22, 2024, from https://aws.amazon.com/es/codecommit/features/ | |
| dc.relation.references | Características de AWS CodePipeline. (n.d.). Amazon AWS. Retrieved April 22, 2024, from https://aws.amazon.com/es/codepipeline/features/ | |
| dc.relation.references | ¿Cómo incluir un paso de aprobación manual en el pipeline de Jenkins? (2022). Medium. Retrieved May 30, 2024, from https:// blog.devops.dev/how-to-include-a-manual-approval-step-in-jenkins-pipeline-85056d6bac97 | |
| dc.relation.references | Gestión de servicios de TI (ITSM). (n.d.). IBM. Retrieved April 25, 2024, from https://ibm.com/mx-es/topics/it-service-management | |
| dc.relation.references | Glosario ISO27000. (2022, 11). ISO27000.es. Retrieved April 23, 2024, from https://www.iso27000.es/glosario.html | |
| dc.relation.references | ICONTEC. (2013). NORMA TÉCNICA NTC-ISO-IEC COLOMBIANA 27001. Fiduagraria.gov.co. Retrieved 04 23, 2024, from http://sarlaft.fiduagraria.gov.co/meci_files/ISO%2027001%202013.pdf | |
| dc.relation.references | Imagineapps. (19 de septiembre de 2023). Explicación de Integración Continua y Despliegue Continuo (CI/CD). Retrieved 04 23, 2024, from https://www.imagineapps.co/blog-posts-es/explicacion-de-integracion-continua-y-despliegue-continuo-ci-cd | |
| dc.relation.references | ISO/IEC 27001. (2022). Information security, cybersecurity and privacy protection — Information security management systems — Requirements. ISO/IEC 2022. | |
| dc.relation.references | ITIL. (2006, 05). Glossary V01. Retrieved April 23, 2024, from http://www.wiki.noc.unam.mx/images/7/79/ITILV3_Glossary_Spanish.pdf | |
| dc.relation.references | Qué es el Comité asesor de cambios (CAB). (2024). Freshworks. Retrieved April 23, 2024, from https://www.freshworks.com/es/freshservice/change-advisory-board/ | |
| dc.relation.references | ITIL. (2007). The Official Introduction to the ITIL Service Lifecycle. | |
| dc.relation.references | Johnson A., Dempsey K., Ross R., Gupta S., y Bailey D. (2011). Guide for Security-Focused Configuration Management of Information Systems. NIST Special Publication 800-128. Retrieved 04 23, 2024, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-128.pdf | |
| dc.relation.references | Souppaya M., Scarfone K., Dodson D. (2022). Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. NIST Special Publication 800-218. Retrieved May 30, 2024, from https://doi.org/10.6028/NIST.SP.800-218 | |
| dc.relation.references | ¿Qué es un IDE? (2023). Amazon AWS. Retrieved April 26, 2024, from https://aws.amazon.com/es/what-is/ide/ | |
| dc.relation.references | Security and Privacy Controls for Federal Information Systems and Organizations. (2021, September 23). NIST Technical Series Publications. Retrieved April 22, 2024, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf | |
| dc.relation.references | What is the AWS CDK? - AWS Cloud Development Kit (AWS CDK) v2. (n.d.). AWS Documentation. Retrieved April 23, 2024, from https://docs.aws.amazon.com/cdk/v2/guide/home.html | |
| dc.relation.references | Languages & Frameworks. (n.d.). Veracode. Retrieved May 30, 2024, from https://www.veracode.com/languages-framework | |
| dc.relation.references | Seguridad de Microsoft. (2024, 01 30). Control de seguridad v3: Seguridad de DevOps. https://learn.microsoft.com/es-es/security/benchmark/azure/security-controls-v3-devops-security | |
| dc.relation.references | Supported Programming Languages — CodeScene 1 Documentation. (n.d.). CodeScene. Retrieved May 30, 2024, from https://codescene.io/docs/usage/language-support.html | |
| dc.relation.references | Microsoft. (2024). learn.microsoft. Retrieved April 23, 2024, from DevOps Documentation from https://learn.microsoft.com/es-es/azure/devops/?view=azure-devops | |
| dc.relation.references | Microsoft. (2024). VisualStudio.Microsoft. Retrieved April 23, 2024 from Visual Studio Code Documentation from https://visualstudio.microsoft.com/es/#:~:text=Visual%20Studio%20Code,-Visual%20Studio%20Code&text=Incluye%20compatibilidad%20integrada%20con%20JavaScript,%2C%20Go%2C%20.NET). | |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internacional | en |
| dc.rights.accessrights | info:eu-repo/semantics/openAccess | |
| dc.rights.accessrights | http://purl.org/coar/access_right/c_abf2 | |
| dc.rights.local | Acceso abierto | spa |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | |
| dc.source.url | https://drive.google.com/drive/folders/1631_9OmTDXQUnNdVBEBTuTqMFurlrd32?usp=drive_link | |
| dc.subject | Vulnerabilidades | |
| dc.subject | Repositorio de código | |
| dc.subject | Ambiente de desarrollo | |
| dc.subject | Escaneo de seguridad estático | |
| dc.subject | Línea base | |
| dc.subject.ddc | 621.3820289 | |
| dc.subject.keywords | Vulnerabilities | |
| dc.subject.keywords | Code repository | |
| dc.subject.keywords | Development environment | |
| dc.subject.keywords | Static security scan | |
| dc.subject.keywords | Base line | |
| dc.title | Reestructuración del proceso de control de cambios de software para una institución de educación superior | |
| dc.title.translated | Restructuring the software change management process for a higher education institution | |
| dc.type.coar | https://purl.org/coar/resource_type/c_7a1f | |
| dc.type.coarversion | https://purl.org/coar/version/c_ab4af688f83e57aa | |
| dc.type.driver | info:eu-repo/semantics/bachelorThesis | |
| dc.type.hasversion | info:eu-repo/semantics/acceptedVersion | |
| dc.type.local | Tesis/Trabajo de grado - Monografía - Especialización | spa |
Archivos
Bloque de licencias
1 - 3 de 3
No hay miniatura disponible
- Nombre:
- license.txt
- Tamaño:
- 1.95 KB
- Formato:
- Item-specific license agreed upon to submission
- Descripción:
No hay miniatura disponible
- Nombre:
- Carta de autorización.pdf
- Tamaño:
- 181.27 KB
- Formato:
- Adobe Portable Document Format
- Descripción:
No hay miniatura disponible
- Nombre:
- Acta de grado.pdf
- Tamaño:
- 385.9 KB
- Formato:
- Adobe Portable Document Format
- Descripción: