
What are the responsibilities of the person in charge of information security at the Ministry of Education?
a) Conduct vulnerability testing and ethical hacking periodically through a third party that meets international standards.
b) Generate and execute or monitor action plans for mitigating technical vulnerabilities detected in the technological platform.
c) Create and lead the Vulnerability Management Committee composed of Infrastructure, Applications, Information Security Officer, Information Security Officer of the MEN Network Operator, and the Information Security Officer of the Intervention. The Vulnerability Management Committee will meet every (1) month to follow up on the plans and actions of identified vulnerabilities and those in the process of remediation.
d) Coordinate with the ICT service operator the actions in terms of Information Security that must be carried out in the MEN.
e) Propose policies and technical specifications for goods and services, procedures, specific actions, and measures in terms of Information Security that are applicable to any of the technological elements that make up the entity's Information Security platform.
f) Coordinate with the ICT service operator the administration of the user authentication system that allows access to MEN's resources, IT services, and communications.
g) Coordinate the definition, administration, and technical actions in terms of Information Security with the ICT service operator, technical leaders, functional leaders, service administrators, and other areas that perform IT functions for the MEN.
h) Analyze security information incident management system incidents that involve IT services to establish controls to detect, correct, and prevent subsequent incidents.
i) Propose specific measures in terms of Information Security that should be addressed by users of electronic goods, resources, and IT services and information.
j) Propose the technological platform for the support of the entity's Information Security environment.
k) Keep the inventory of Information Assets related to the MEN's Information Security Platform updated as a complement to the inventory of Information and infrastructure assets that it has.
l) Perform selective reviews of IT asset controls to ensure that the recommendations and guidelines on Information Security are maintained on them.
m) Publish in the Document Management System the technical documents (guidelines, policies, guides, processes, procedures) on Information Security issued by the OTSI.
n) Promote compliance with the MEN's Information Security Policy.
o) Define detection and prevention controls for protection against malicious software.
p) Implement controls for protection against malicious software in the computing and telecommunications infrastructure.
q) Define access accounts for the administration of computer equipment to protect their configuration, which will be made known to the ICT service operator within the OTSI.
r) Review the event records of the different equipment that are part of the MEN's security environment to collaborate with the service manager in control and make recommendations on security aspects.
s) Store and manage passwords, including user access to them.
t) Revoke passwords when keys are compromised or when a user who uses them is disassociated from the entity.
u) Recover lost or altered passwords as part of the administration for their continuity.
v) Coordinate, administer, and register all equipment and domain names that are accessible to the MEN network.
w) Control and record all security certificates of the entity's sites.
x) Coordinate with the Security Officer and security specialists of the operator to handle reports of Information Security incidents and anomalies.
y) Promote the culture of Information Security among information and IT resource administrators and users of institutional IT resources, goods, and services.
z) Perform other duties determined by the OTSI or the person in charge of Information Security.
I. The person in charge of Information Security is responsible for coordinating with the ICT service operator the actions to be carried out in terms of Information Security at the MEN.
II. The person in charge of Information Security is responsible for proposing policies and technical specifications for goods and services, procedures, specific actions, and measures in terms of Information Security that are applicable to any of the technological elements that make up the entity's Information Security platform.
III. The person in charge of Information Security is responsible for generating and executing or monitoring action plans for mitigating technical vulnerabilities detected in the technological platform.
IV. The person in charge of Information Security is responsible for coordinating with the Security Officer and security specialists of the operator to handle reports of Information Security incidents and anomalies.
V. The person in charge of Information Security is responsible for conducting vulnerability testing and ethical hacking periodically through a third party that meets international standards.
a) I, II, III, IV, and V are correct.
b) I, II, and III are correct.
c) II, III, IV, and V are correct.
d) I, III, IV, and V are correct.

This question also appears in the material:

Manual de Segurança Informática
43 pages


There are no answers yet.
