Would you advise (is it feasible), and what recommendations would you give, that an application be developed during or after the design of the ISMS to carry out automated and adequate management and monitoring of information security, with traceability, when implementing an Information Security Management System (ISMS)?
Please note that while some activities, like risk assessment and internal audit, require a lot of analysis and evaluation work to be done, and it is not possible to automate them, because some decisions require a human feeling and perception of the business environment that a machine cannot properly evaluate, some activities can be automated, such as:
collect data from existing databases (e.g. to help identify assets if an asset-threat-vulnerability risk assessment approach is used)
compare data gathered with risk level limits to warn about risks that require further analysis
organize and present data for decision making.
Considering that, in the development of an ISMS application to fulfill your needs, you first need to identify which requirements this application needs to meet, to see the level of automation you can reach, and if this is enough for your purposes.
This article will provide you with a further explanation about the use of tools: