Gestão da informação e sistemas de gestão de segurança da informação: modelo para a garantia de disponibilidade em processos de contratação
| Ano de defesa: | 2022 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Tese |
| Tipo de acesso: | Acesso aberto |
| Idioma: | por |
| Instituição de defesa: |
Universidade Federal de Minas Gerais
Brasil ECI - ESCOLA DE CIENCIA DA INFORMAÇÃO Programa de Pós-Graduação em Gestão e Organização do Conhecimento UFMG |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | http://hdl.handle.net/1843/45092 https://orcid.org/ 0000-0003-2981-4377 |
Resumo: | The 21st century presents itself as a period for transitions in communication and access to information. It requires that the organizations show the right competencies related to resilience and the ability to learn. Such resources can be achieved through Information Management (IM) and Information Security Management Systems (ISMS). The ISMS aims for business continuity in organizations, safeguarding the guarantee of transactions. On the other hand, IM focuses on managing the information life cycle to ensure its availability in organizations. The theoretical basis of the present research relies on Information Security Management Systems (ISMS) and Information Management (IM). It was found in the literature that although IM and ISMS share the same object of study - information - there is no direct dialogue between them. It is noteworthy that non-compliance with IM practices in ISMS can cause profound damage to organizations. Based on this, the research proposal follows the question: how can IM models contribute to minimizing risks, threats, and vulnerabilities, related to ISMS models, specifically on the availability of contracting processes in organizations? Therefore, the objective here is to propose an IM model for SGSI that makes it possible to minimize problems related to the availability of information. Specifically, a convergent definition for the IM concept based on the consulted literature; present the state of the art of IM models, methodologies, and theories and highlight the importance of ISMS and IM for contracting processes by evaluating the proposed IM model for ISMS. In methodological terms, an exploratory and qualitative approach was applied. At first, through the bibliographic research, the central themes of the research (ISMS and IM) were studied, and a systematic literature review of IM models, methodologies, and theories was elaborated. Second, the IM model for ISMS was proposed, focused on ensuring information availability. And finally, the model proposed was evaluated by the stratified social survey technique where semi-structured interviews were applied in the Brazilian industrial organization Petrobras. As a result of the research, it was obtained: a convergent definition for the term IM based on the frequency of the keywords from pre-existing IM concepts in the consulted literature, the state of the art of IM models, theories, and methodologies from an initial corpus of 3,873 records of documents retrieved from databases and, finally, the proposition of the IM model for ISMS with a focus on ensuring the information security property availability. The results of the IM model proposed for the SGSI evaluation have shown that it is in line with the professional reality of the organization governed by Brazilian Law 13.303/2016 in its contracting processes. |