Página 1 dos resultados de 10352 itens digitais encontrados em 0.061 segundos

‣ Implementation of information systems security policies: a survey in small and medium sized enterprises

Lopes, Isabel Maria; Oliveira, P.
Fonte: Springer Publicador: Springer
Tipo: Parte de Livro
Português
Relevância na Pesquisa
47.33639%
Information has become organizations’ most valuable asset, thus being a potential target to threats intending to explore their vulnerabilities and cause considerable damage. Therefore, there is a need to implement policies regarding information systems security (ISS) in an attempt to reduce the chances of fraud or information loss. Thus, it is important to find the critical success factors to the implementation of a security policy as well as to assess the level of importance of each one of them. This paper contributes to the identification of such factors by presenting the results of a survey regarding information systems security policies in small and medium sized enterprises (SME). We discuss the results in the light of a literature framework and identify future works aiming to enhance information security in organizations.

‣ Sobre a estruturação de informação em sistemas de segurança computacional: o uso de ontologias; On the structuring of information in computing security systems: the use of ontologies

Martimiano, Luciana Andréia Fondazzi
Fonte: Biblioteca Digitais de Teses e Dissertações da USP Publicador: Biblioteca Digitais de Teses e Dissertações da USP
Tipo: Dissertação de Mestrado Formato: application/pdf
Publicado em 18/09/2006 Português
Relevância na Pesquisa
47.463643%
Como a quantidade e a complexidade de informações disponíveis sobre incidentes de segurança é crescente, as tarefas de manipular e gerenciar essas informações tornaram-se bastante custosas. Diversas ferramentas de gerenciamento de segurança estão disponíveis para auxiliar os administradores. Essas ferramentas podem monitorar tudo que entra e saí de uma intranet, como os firewalls; podem monitorar o tráfego interno da rede para saber o que está acontecendo e detectar possíveis ataques, como os sistemas de detecção de intrusão (SDIs); podem varrer arquivos em busca de códigos maliciosos, como os antivírus; podem criar filtros de emails para evitar spams, vírus ou worms; ou podem varrer uma rede em busca de vulnerabilidades nos sistemas, como os scanners e os agentes móveis inteligentes. Essas ferramentas geram uma grande quantidade de logs com informações que são coletadas e armazenadas em formatos próprios e diferentes. Essa falta de um formato único para armazenar as informações de incidentes de segurança, faz com que o trabalho dos administradores fique ainda mais difí?cil, pois eles/elas devem ser capazes de entender todos esses formatos para identificar e correlacionar informações quando, por exemplo...

‣ Modelo de suporte a políticas e gestão de riscos de segurança voltado à terceirização de TIC, computação em nuvem e mobilidade.; Support framework for security policies and risk management focused on ITC outsourcing, cloud computing and mobility.

Malandrin, Leandro José Aguilar Andrijic
Fonte: Biblioteca Digitais de Teses e Dissertações da USP Publicador: Biblioteca Digitais de Teses e Dissertações da USP
Tipo: Dissertação de Mestrado Formato: application/pdf
Publicado em 05/04/2013 Português
Relevância na Pesquisa
47.31492%
O cenário tecnológico é um fator importante a ser considerado ao se trabalhar com Sistemas de Gestão de Segurança da Informação (SGSI). No entanto, nos últimos anos esse cenário se alterou profundamente, aumentando em complexidade de maneira até antes não vista. Caracterizado principalmente por tendências tecnológicas como a terceirização de infraestrutura de TIC, a computação em nuvem e a mobilidade, o cenário externo atual gera grandes novos desafios de segurança. A abordagem típica para tratar com mudanças de cenário em SGSIs é uma revisão da análise de riscos e a implantação de novos controles de segurança. No entanto, frente a um cenário tão disruptivo, riscos podem passar despercebidos, devido à falta de conhecimento sobre os novos elementos introduzidos por esse cenário. Por causa disso, adaptações mais profundas, durante o próprio planejamento do SGSI, são necessárias. Usando a norma de segurança ISO/IEC 27001 como referência, esse trabalho introduz um modelo de suporte que permite a identificação dessas adaptações. Para construir esse modelo, foram inicialmente levantados os riscos referentes a cada uma das três tendências tecnológicas listadas. Esses riscos foram compilados e analisados em conjunto...

‣ Information security policies : a content analysis

Lopes, Isabel Maria; Soares, Filipe de Sá
Fonte: Association for Information Systems Publicador: Association for Information Systems
Tipo: Conferência ou Objeto de Conferência
Publicado em 15/07/2012 Português
Relevância na Pesquisa
47.408843%
Completed research paper; Among information security controls, the literature gives a central role to information security policies. However, there is a reduced number ofempirical studies about the features and components of information security policies. Thisresearch aims to contribute to fill this gap. It presents a synthesis of the literature on information security policies content and it characterizes 25 City Councils information security policy documents in terms of features and components. The content analysis research technique was employed to characterize the information security policies. The profile of the policies is presented and discussed and propositions for future work are suggested.

‣ Improving National and Homeland Security through a proposed Laboratory for nformation Globalization and Harmonization Technologies (LIGHT)

Choucri, Nazli; Madnick, Stuart; Siegel, Michael; Wang, Richard
Fonte: MIT - Massachusetts Institute of Technology Publicador: MIT - Massachusetts Institute of Technology
Tipo: Trabalho em Andamento Formato: 486982 bytes; application/pdf
Português
Relevância na Pesquisa
47.36408%
A recent National Research Council study found that: "Although there are many private and public databases that contain information potentially relevant to counter terrorism programs, they lack the necessary context definitions (i.e., metadata) and access tools to enable interoperation with other databases and the extraction of meaningful and timely information" [NRC02, p.304, emphasis added] That sentence succinctly describes the objectives of this project. Improved access and use of information are essential to better identify and anticipate threats, protect against and respond to threats, and enhance national and homeland security (NHS), as well as other national priority areas, such as Economic Prosperity and a Vibrant Civil Society (ECS) and Advances in Science and Engineering (ASE). This project focuses on the creation and contributions of a Laboratory for Information Globalization and Harmonization Technologies (LIGHT) with two interrelated goals: (1) Theory and Technologies: To research, design, develop, test, and implement theory and technologies for improving the reliability...

‣ Improving National and Homeland Security through a proposed Laboratory for Information Globalization and Harmonization Technologies (LIGHT)

Choucri, Nazli; Madnick, Stuart; Siegel, Michael; Wang, Richard
Fonte: MIT - Massachusetts Institute of Technology Publicador: MIT - Massachusetts Institute of Technology
Tipo: Trabalho em Andamento Formato: 486983 bytes; application/pdf
Português
Relevância na Pesquisa
47.36801%
A recent National Research Council study found that: "Although there are many private and public databases that contain information potentially relevant to counter terrorism programs, they lack the necessary context definitions (i.e., metadata) and access tools to enable interoperation with other databases and the extraction of meaningful and timely information" [NRC02, p.304, emphasis added] That sentence succinctly describes the objectives of this project. Improved access and use of information are essential to better identify and anticipate threats, protect against and respond to threats, and enhance national and homeland security (NHS), as well as other national priority areas, such as Economic Prosperity and a Vibrant Civil Society (ECS) and Advances in Science and Engineering (ASE). This project focuses on the creation and contributions of a Laboratory for Information Globalization and Harmonization Technologies (LIGHT) with two interrelated goals: (1) Theory and Technologies: To research, design, develop, test, and implement theory and technologies for improving the reliability...

‣ Avaliação das arquiteturas de segurança da informação no terceiro setor: aplicação piloto na Comissão Pastoral da Terra

Pereira, Carminda de Aguiar
Fonte: Universidade Federal de Goias; brasil; UFG; Faculdade de Informação e Comunicação (RG); Biblioteconomia (RG) Publicador: Universidade Federal de Goias; brasil; UFG; Faculdade de Informação e Comunicação (RG); Biblioteconomia (RG)
Tipo: Trabalho de Conclusão de Curso
Português
Relevância na Pesquisa
47.42547%
This research has as its main purpose verifying the level of efficiency and effectiveness of the Management of Information Security procedures as from the requirements presented by the Guidelines for the Management of Information Security ABNT NBR ISO/IEC in Third Sector organizations in Goiânia. To verify this level of efficiency and effectiveness, it was produced a study about the standards of Management of Information Security formulated by ABNT NBR ISO/IEC 27001:2006; 27002:2005; 27003:2011 e 27005:2011 and elaborated from this study an Evaluation of Information Security Architectures model. It has been worked on theoretical issues as such Information Security; ABNT standards on Management of Information Security; Information Architecture and Third Sector. The Third Sector organization evalueted by the model was the Comissão Pastoral da Terra (CPT), entity of the Third Sector in Goiânia. Consists in exploratory research based on descriptive and qualitative aspects. The data obtained by applying the oriented interview with CPT were presented in a report format, which contains basic information about the organization, the period in what the research was applied, misadventures that has occured and critical evaluation of the data. To achive the main purpose...

‣ Electronic Security : Risk Mitigation in Financial Transactions - Public Policy Issues

Glaessner, Thomas; Kellermann, Tom; McNevin, Valerie
Fonte: World Bank, Washington, DC Publicador: World Bank, Washington, DC
Português
Relevância na Pesquisa
47.45956%
This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation...

‣ Enhancing FBI terrorism and homeland security information sharing with state, local and tribal agencies

Gomez, Peter L.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
57.320103%
CHDS State/Local; This thesis examines FBI terrorism and homeland security information sharing with state, local and tribal homeland security agencies mandated by presidents Bush and Obama, and the U.S. Congress. The thesis compares this "status quo" with three new proposed approaches that use technology and modify the FBI "routine use" exceptions to the Privacy Act to improve overall FBI information sharing. The thesis rates the following approaches: (1) "status quo," (2) new homeland security "routine use" exception, (3) Discoverability of Information and (4) XML Segregation of Information. All four options are analyzed using a two-phase analysis to determine their effectiveness and likelihood of successful implementation. The effectiveness is evaluated by judging the information shared, the privacy protected and the security of each approach. The likelihood of successful implementation is evaluated by judging the impact of FBI cultural resistance, fiscal performance, utilization of technology and training requirements. This thesis proposes the implementation of all three proposed approaches to enhance overall FBI terrorism and homeland security information sharing.

‣ Examining the return on investment of a security information and event management solution in a notional Department of Defense network environment

Warnecke, Matthew P.
Fonte: Monterey, California: Naval Postgraduate School Publicador: Monterey, California: Naval Postgraduate School
Português
Relevância na Pesquisa
57.1918%
Approved for public release; distribution is unlimited; Sophisticated cyber threats represent a significant adversary in the evolving world of the cyber domain. Furthermore, determining whether or not an attack has taken place and the extent of the damage caused requires significant resources. In order to guarantee reliable detection, prevention and mitigation of these advanced threats, the Department of Defense (DoD) must invest in advanced information security technologies that increase the defensive capabilities of its information networks. This thesis focuses on Security Information and Event Management (SIEM) systems as an enabling technology that possesses the advanced security capabilities required to address sophisticated, evolving cyber threats. The research explores the capabilities of this technology in terms of the speed of detection, depth of investigative power, and additional value provided. Additionally, this research attempts to quantify the return on investment that a SIEM solution could provide when deployed in a notional DoD network architecture. Ultimately, the research provided in this thesis endeavors to justify DoD investment in SIEM technology. The focus of this research revolves around a qualitative description of the inherent capabilities of SIEM products and utilizes several Return on Security Investment models in an attempt to quantitatively define the value of these capabilities in a DoD network.

‣ Unauthorized disclosure: can behavioral indicators help predict who will commit unauthorized disclosure of classified national security information?

Sims, Karen Elizabeth
Fonte: Monterey, California: Naval Postgraduate School Publicador: Monterey, California: Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
77.338164%
Approved for public release; distribution is unlimited; Federal government security-cleared personnel have been disclosing federal government classified national security information, whether to a foreign government or the United States media, at an increasing rate since the 1980s. Can common personal or psychological characteristics or motivations be identified from historical cases that could indicate the likelihood of a current or potential federal employee to disclose national security information without authorization? Reasons for unauthorized disclosure range from financial, to whistle-blowing, to a desire to change international policy, to sympathy and strong ties with a foreign government. The focus of this research is on the behavioral characteristics that are similar or different between known, studied historical cases of personnel associated with the federal government who have disclosed classified information without authorization. Upon review of existing data, the prevalent behavioral characteristic of the cases is one of a disgruntled employee (ideology/disillusionment/loyalty). A disgruntled employee becomes the largest concern as an insider threat, one who is willing to compromise his or her feelings of loyalty to the organization and the nation for a myriad of reasons.; ; Senior Security Specialist...

‣ SITREP: The NPS Maritime Defense and Security Research Program Newsletter ; v.15 (2005)

Fonte: Monterey, California. Naval Postgraduate School; Maritime Defense and Security Research Program Publicador: Monterey, California. Naval Postgraduate School; Maritime Defense and Security Research Program
Tipo: Periódico
Português
Relevância na Pesquisa
47.33839%
This issue of the SITREP includes information about a presentation that will take place on the NPS study entitled "Countering Terrorism from the Sea," as well as an article on Lt. Bruce Martin from the Department of Public Safety in the City of Marina. Lt. Martin provides information about what first responders deal with. This document also includes information on a "Requirements, Capabilities and Technology Forum, held by the U.S. Coast Guard's Maritime Domain Awareness Program Integrations Office and the NPS Maritime Domain Protection Research Group, that will take place on May 2, 2005.; SITREP, a monthly e-news brief covering the spectrum of maritime domain defense and security research. SITREP is produced by the Maritime Defense and Security Research Program as part of the National Security Institute—a cooperative research institute whose members include the Naval Postgraduate School, University of California at Santa Barbara, and Lawrence Livermore National Laboratory. The purpose of the Maritime Defense and Security Research program is to conduct, coordinate and collaborate Maritime defense and security research, experimentation, and information exchange between partnership universities; federal, state, and local agencies; national laboratories; maritime industry...

‣ Exploring the Relationship between Homeland Security Information Sharing & Local Emergency Preparedness

Hamilton, Bean
Fonte: Monterey, California. Naval Postgraduate School; Center for Homeland Defense and Security Publicador: Monterey, California. Naval Postgraduate School; Center for Homeland Defense and Security
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
57.285674%
This article appeared in Homeland Security Affairs (May 2009), v.5 no.2; Information sharing among federal, state, and local agencies is a critical element of U.S. homeland security strategy. Few researchers, however, have examined the relationship between the use of homeland security information-sharing systems and perceived levels of emergency preparedness at the local level (city, county, and region). In order to explore this relationship, an online survey was administered to eighty-three registered users of Lessons Learned Information Sharing (LLIS.gov) ''' a U.S. Department of Homeland Security information sharing system ''' and interviews were conducted with ten LLIS.gov users located in different regions of the country. This study finds that the concepts of information sharing and preparedness accommodate multiple ''' and at times conflicting ''' meanings and practices. As a result, the government'۪s effort to create a 'trusted partnership' and a 'culture of information sharing' among federal, state, and local agencies faces significant challenges.

‣ Human factors in Coast Guard Computer Security - an analysis of current awareness and potential techniques to improve security program viability

Whalen, Timothy J.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xxi, 106 p. ; 28 cm.
Português
Relevância na Pesquisa
47.320103%
The Coast Guard is becoming increasingly reliant upon our nation's information infrastructure. As such, our ability to ensure the security of those systems is also increasing in import. Traditional information security measures tend to be system-oriented and often fail to address the human element that is critical to system success. In order to ensure information system security, both system and human factors requirements must be addressed. This thesis attempts to identify both the susceptibility of Coast Guard information systems to human factors-based security risks and possible means for increasing user awareness of those risks. This research is meant to aid the Coast Guard in continuing to capitalize on emerging technologies while simultaneously providing a secure information systems environment.; US Coast Guard (USCG) author

‣ Precise Enforcement of Progress-Sensitive Security

Moore, Scott David; Askarov, Aslan; Chong, Stephen N
Fonte: ACM Press Publicador: ACM Press
Tipo: Conference Paper
Português
Relevância na Pesquisa
47.320103%
Program progress (or termination) is a covert channel that may leak sensitive information. To control information leakage on this channel, semantic definitions of security should be progress sensitive and enforcement mechanisms should restrict the channel's capacity. However, most state-of-the-art language-based information-flow mechanisms are progress insensitive---allowing arbitrary information leakage through this channel---and current progress-sensitive enforcement techniques are overly restrictive. We propose a type system and instrumented semantics that together enforce progress-sensitive security more precisely than existing approaches. Our system is permissive in that it is able to accept programs in which the termination behavior depends only on low-security (e.g., public or trusted) information. Our system is parameterized on a termination oracle, and controls the progress channel precisely, modulo the ability of the oracle to determine the termination behavior of a program based on low-security information. We have instantiated the oracle for a simple imperative language with a logical abstract interpretation that uses an SMT solver to synthesize linear rank functions. In addition, we extend the system to permit controlled leakage through the progress channel...

‣ XML Schema-based Minification for Communication of Security Information and Event Management (SIEM) Systems in Cloud Environments

Moussa, Bishoy; Mostafa, Mahmoud; El-Khouly, Mahmoud
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 03/10/2014 Português
Relevância na Pesquisa
56.849883%
XML-based communication governs most of today's systems communication, due to its capability of representing complex structural and hierarchical data. However, XML document structure is considered a huge and bulky data that can be reduced to minimize bandwidth usage, transmission time, and maximize performance. This contributes to a more efficient and utilized resource usage. In cloud environments, this affects the amount of money the consumer pays. Several techniques are used to achieve this goal. This paper discusses these techniques and proposes a new XML Schema-based Minification technique. The proposed technique works on XML Structure reduction using minification. The proposed technique provides a separation between the meaningful names and the underlying minified names, which enhances software/code readability. This technique is applied to Intrusion Detection Message Exchange Format (IDMEF) messages, as part of Security Information and Event Management (SIEM) system communication hosted on Microsoft Azure Cloud. Test results show message size reduction ranging from 8.15% to 50.34% in the raw message, without using time-consuming compression techniques. Adding GZip compression to the proposed technique produces 66.1% shorter message size compared to original XML messages.; Comment: XML...

‣ Uma metodologia para implantação de um Sistema de Gestão de Segurança da Informação; A methodology to implement an information security management system

Martins, Alaíde Barbosa; Santos, Celso Alberto Saibel
Fonte: Universidade de São Paulo. Faculdade de Economia, Administração e Contabilidade Publicador: Universidade de São Paulo. Faculdade de Economia, Administração e Contabilidade
Tipo: info:eu-repo/semantics/article; info:eu-repo/semantics/publishedVersion; ; ; ; ; ; Formato: application/pdf
Publicado em 01/01/2005 Português
Relevância na Pesquisa
47.320103%
Este artigo apresenta uma proposta de metodologia para a implantação de um Sistema de Gestão da Segurança da Informação (SGSI). A metodologia é baseada nos principais padrões e normas de segurança, definindo um conjunto de diretrizes a serem observadas para garantir a segurança de um ambiente computacional ligado em rede. O processo de implantação do SGSI resulta na padronização e documentação dos procedimentos, ferramentas e técnicas utilizadas, além da criação de indicadores, registros e da definição de um processo educacional de conscientização da organização e de seus parceiros. Os conceitos e idéias aqui apresentados foram aplicados em um estudo de caso envolvendo a empresa Cetrel S.A. - Empresa de Proteção Ambiental. Para esta empresa, responsável pelo tratamento de resíduos industriais provenientes do Pólo Petroquímico de Camaçari-BA e de outras regiões, a garantia da confidencialidade e integridade dos dados de seus clientes, além da possibilidade de disponibilizar informações com segurança são requisitos fundamentais de funcionamento.; Information security has actually been a major challenge to most organizations. Indeed, information security is an ongoing risk management process that covers all of the information that needs to be protected. ISO 17799 offers what companies need in order to better manage information security. The best way to implement this standard is to ease the security management process using a methodology that will define will define guidelines...

‣ Gestão da segurança da informação: fatores que influenciam sua adoção em pequenas e médias empresas; Information security management: factors that influence its adoption in small and mid-sized businesses

Silva Netto, Abner da; Silveira, Marco Antonio Pinheiro da
Fonte: Universidade de São Paulo. Faculdade de Economia, Administração e Contabilidade Publicador: Universidade de São Paulo. Faculdade de Economia, Administração e Contabilidade
Tipo: info:eu-repo/semantics/article; info:eu-repo/semantics/publishedVersion; ; ; ; ; Formato: application/pdf
Publicado em 01/01/2007 Português
Relevância na Pesquisa
57.39809%
Este estudo teve como objetivos verificar em que medida as pequenas e médias empresas realizam gestão da segurança da informação e identificar fatores que influenciam pequenas e médias empresas a adotarem medidas de gestão da segurança da informação. Foi realizada pesquisa de natureza exploratório-descritiva e utilizou-se como delineamento o levantamento (survey). A amostra consistiu em 43 indústrias do setor de fabricação de produtos de metal situadas na região do Grande ABC. Com base na literatura sobre gestão da segurança da informação e na norma brasileira de segurança da informação, foram identificadas as ferramentas ou técnicas de gestão da segurança da informação e classificadas em três camadas: física, lógica e humana. O estudo identificou que a camada humana é a que apresenta a maior carência de cuidados por parte das empresas, seguida pela camada lógica. O antivírus é a ferramenta/técnica mais utilizada pelas empresas pesquisadas para garantir a segurança da informação. A pesquisa relevou que 59% das empresas pesquisadas possuem um nível de segurança satisfatório e que o principal fator motivador para adoção de gestão da segurança da informação é "evitar possíveis perdas financeiras". Todos os fatores inibidores se mostraram importantes para as empresas pesquisadas: falta de conhecimento...

‣ Policy driven security architectures for eBusiness

Cutts, Marcus
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
47.327544%
The dawning of the twenty-first century and genesis of a new millennium has been extremely kind to technological advance. Industries and society alike have reaped the extreme benefits of technology at its finest. Technological progress has also proven to be extraordinarily beneficial to businesses and their bottom lines when properly employed. The need for automated business logic and functionality has spawned numerous concepts and efforts to capitalize on advanced business requirements. Probably the most popular and revolutionary to date of all initiatives is the advent of eBusiness. A direct descendant of Electronic Data Interchange (EDI), eBusiness has and continues to evolve into more than a phenomenon, but rather a sound component of successful corporations and organizations. The evolution and acceptance of eBusiness has created a ripple effect throughout the technical and business worlds. The promise of this wonderful concept and its accompanying technology has forced companies to completely rethink strategic planning efforts, and to sit up and pay full attention to this ever-growing development. One area that has been extremely affected by the wide spread acceptance of eBusiness and its counterparts are the architectures and infrastructures now utilized to support these efforts. Enterprise architectures that had originally been designed to shield internal business activities from the public eye of the Internet and other domains have been either replaced...

‣ Gestão da Informação e do Conhecimento no âmbito das práticas de Segurança da Informação: o fator humano nas organizações; Information and Knowledge Management in the Scope of the Information Security practices: the human factor within Organizations

Carneiro, Luciana Emirena Santos; Pontifícia Universidade Católica de Minas Gerais - Belo Horizonte - MG; Almeida, Maurício Barcellos; Universidade Federal de Minas Gerais, UFMG, Brasil.
Fonte: Departamento de Ciência da Informação – UFSC Publicador: Departamento de Ciência da Informação – UFSC
Tipo: info:eu-repo/semantics/article; info:eu-repo/semantics/publishedVersion; ; ; Formato: application/pdf
Publicado em 13/08/2013 Português
Relevância na Pesquisa
47.396177%
http://dx.doi.org/10.5007/1518-2924.2013v18n37p175 O presente artigo pretende levantar, na literatura de Ciência da Informação, informações acerca de como os aspectos humanos interferem nas práticas gerenciais de segurança da informação. Através de uma pesquisa quantitativa pretende-se obter informações sobre os perfis e ações comportamentais dos colaboradores de uma empresa na área da saúde e a inter-relação com falhas de segurança da informação. Na avaliação dos dados verifica-se que o elemento pessoas é uma variável crítica na gestão de segurança informacional nas organizações.; The security of informational assets has always been a corporate requirement. These assets can be scaled in three main spheres, namely, people, organizational processes and technologies. The internet, the web, the broadcast of networks, and the growing presence of technology both in people's lives and in organizational contexts have caused profound transformations in the intrinsic processes that constitute personal and organizational routines. On the one hand, these changes provided by the technological progress have fostered competitiveness and decentralization; on the other hand, they require better management, control, security and protection for information and knowledge. This article presents the results of an investigation within information security realm...