Information security policy in public administration: a sociotechnical approach
Year of defense: | 2019 |
---|---|
Lead author: | |
Advisor: | |
Defense committee: | |
Document type: | Dissertation |
Access type: | Open access |
Language: | por |
Defending institution: | Universidade Federal da Paraíba; Brazil; Education; Programa de Pós-Graduação em Mestrado em Gestão de Organizações Aprendentes; UFPB |
Graduate program: | Not provided by the institution |
Department: | Not provided by the institution |
Country: | Not provided by the institution |
Keywords in Portuguese: | |
Access link: | https://repositorio.ufpb.br/jspui/handle/123456789/19096 |
Abstract: | This study aimed to analyze, in light of the Socio-technical Approach, compliance with the guidelines and information security requirements contained in the Information Security Policy (PSI) by the staff of the Federal University of Paraíba (UFPB). Methodologically, the research takes a quantitative-qualitative approach and is classified as exploratory and descriptive. Data were collected in person through semi-structured interviews, adapted to the information security requirements and guidelines of the PSI/UFPB, with 24 staff members from the administrative area, IT, teaching staff and Directors of CCHLA, CCS, CCAE, CT, CI and CCSA. Data analysis was guided by Content Analysis, with the socio-technical categories defined in advance (people, structure, technology and tasks) and related to the 20 identified categories of the PSI. Subsequently, the 20 subcategories of the PSI were analyzed individually from their respective socio-technical categories, which identified vulnerabilities in the information security procedures implemented by staff that threats can exploit. This is due to a lack of knowledge of the PSI/UFPB, as well as a lack of courses and training in the area of information security. As a result of the research, a Proposal for Good Practices of Information Security was developed, based on standards such as NBR ISO 27002:2013, the Good Practices Guide of the Court of Auditors of the Union (2012) and websites that address information security. |