Gestão de segurança da informação - uma proposta para potencializar a efetividade da segurança da informação em ambiente de pesquisa científica / Information security management a proposal to improve the effectiveness of information security in the scientific research environment

AUTHOR(S)
SOURCE

IBICT - Instituto Brasileiro de Informação em Ciência e Tecnologia

PUBLICATION DATE

30/11/2009

ABSTRACT

Increasing connectivity in the business environment, combined with growing dependence on information systems, has made information security management an important governance tool. The main goal of information security is to protect business transactions so that they can proceed normally, thereby safeguarding business continuity. Threats to information come from hacker attacks, electronic fraud and espionage, as well as from fire, interruptions of electrical power and human error. Information security is achieved by implementing a set of controls, including, among others, policies, processes, procedures, organizational structures, software and hardware, which require continuous management and a well-established structure to be able to face such challenges. This work sought the reasons why organizations have difficulty putting information security management into practice. Many of them limit themselves to adopting point measures, which are sometimes not consistent with their realities. The market offers a sufficient number of standards and regulations related to information security, for example ISO/IEC 27002, the American Sarbanes-Oxley Act, the Basel Capital Accord, and regulations from regulatory agencies (such as the Brazilian agencies ANATEL, ANVISA and CVM). Market research has shown that information security implementation is concentrated in a well-defined group of organizations, mainly formed by large companies and by specific sectors of the economy, for example financial and telecommunications. However, information security must be practiced by all organizations that use information systems to carry out their activities, regardless of their size or the economic sector to which they belong. The situation of information security in the governmental sector of Brazil, and within its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU).
This research work presents a proposal for the assessment and diagnosis of information security, applied in the form of a data survey, which is intended as a tool that can be used as a starting point to foster debate about information security concerns within the organization. This can lead organizations to a well-structured information security implementation. The proposal is especially addressed to organizations that do not fit the profile of companies obliged to follow some law or regulation, but that nonetheless need to protect their information assets to reach their goals and business objectives.

SUBJECT(S)

ABNT NBR ISO/IEC 27002:2005; human factor; information security; risk
