Bibliographic details

Year of defense: 2024
Main author: Pigola, Angélica
Advisor: Meirelles, Fernando de Souza
Defense committee: Not informed by the institution
Document type: Thesis
Access type: Open access
Language: eng
Defending institution: Not informed by the institution
Graduate program: Not informed by the institution
Department: Not informed by the institution
Country: Not informed by the institution
Keywords in Portuguese:
Keywords in English:
Access link: https://hdl.handle.net/10438/36003

Abstract:
Trust management in information security involves establishing, maintaining, and verifying trusted relationships between systems, users, and processes, ensuring the integrity, confidentiality, and availability of those systems. In this context, various strategies have emerged to mitigate risks and enhance organizations' security postures. In particular, the Zero Trust (ZT) strategy operates on the principle that no entity, whether internal or external, should be automatically trusted. This strategy emphasizes the need for complete visibility and strict control over who and what is accessing the network, applying security policies based on identity, context, and behavior. In this way, ZT has reshaped corporate thinking, requiring greater attention from management for successful implementation and highlighting the need for a deeper understanding of organizational trust management challenges. In this dissertation, the ZT strategy serves as the point of reference for investigating what these organizational challenges are. The work is structured around the theoretical and empirical exploration of this domain. The introductory chapter presents an expanded view of the key concepts on the subject, followed by a systematic literature review in the second chapter on trust management in information security, investigating strategies, foundations, methodologies, and techniques. The third chapter seeks empirical insights derived from a qualitative-quantitative approach, based on a virtual Delphi panel with 29 information security experts, followed by fuzzy and multi-criteria decision-making (MCDM) analysis using the CRITIC method (Criteria Importance Through Intercriteria Correlation). Four dimensions of organizational challenges in trust management are identified: costs and investments, organizational culture, operational and procedural changes, and risks and compliance.

The fourth chapter presents additional empirical insights using an inductive qualitative approach, based on 27 semi-structured interviews with information security professionals across various sectors in Brazil. The results confirm these challenges in the four dimensions. The fifth chapter presents a new empirical validation through a quantitative approach using the ENTROPY method. This validation was conducted with 27 structured interviews with the same experts, aiming to rank the key criteria within the four organizational dimensions that challenge the management of the ZT strategy. Additionally, a survey was conducted with 267 information security experts. The conclusions indicate that organizational challenges such as organizational culture and costs and investments are significantly associated with the adoption of the ZT strategy. Conversely, operational changes, process modifications, and regulatory compliance did not have a significant impact. This result reveals that trust management challenges in information security within the ZT domain are largely rooted in human and economic factors, which are closely tied to the maturity and understanding of the ZT strategy in practice. In the final chapter, we present a comprehensive summary framework, from a holistic perspective, of the main strategies, foundations, methodologies, and techniques for trust management in information security. Trust management and principal-agent theories support all the evidence, highlighting discrepancies between the theoretical field and practical implementation. This dissertation includes 370 bibliographic references and provides a theoretical and practical contribution to trust management. Through the proposal of a reference framework, it guides organizations in trust management strategies, helping to improve information security posture in an increasingly challenging and complex environment.