Web Audit Application Based on ISO 27002 to Evaluate Cybersecurity Systems in MSEs in Lima Metropolitana
摘要
In today's digital landscape, micro and small enterprises (MSEs) in Peru encounter increasing challenges in safeguarding their information against cyber threats. Despite their economic importance, these organizations often lack the necessary resources and infrastructure to implement robust cybersecurity systems, rendering them vulnerable to cyberattacks. To address this gap, we developed a web application based on ISO 27002 standards, specifically designed to assist MSEs in Lima, Peru, in conducting comprehensive cybersecurity assessments with expert guidance. The application, named AuditC, enables enterprises to identify risks, document vulnerabilities, and implement corrective actions. In a case study with Wonder Box Retail, an e-commerce MSE, AuditC successfully identified critical security gaps related to data management and endpoint protection. Under structured expert supervision, it is projected that 47% of corrective actions will be completed by the third month. Additionally, validation involving 10 IT and cybersecurity experts demonstrated high ratings for AuditC in terms of usability and practicality, along with a significant reduction in assessment time and improved compliance readiness. These findings highlight AuditC’s potential as an accessible and effective cybersecurity solution for MSEs with limited resources.