Segurança da informação: uma metodologia para implantação de um sistema de gestão de segurança da informação
| Ano de defesa: | 2020 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Dissertação |
| Tipo de acesso: | Acesso aberto |
| Idioma: | por |
| Instituição de defesa: |
Universidade Federal da Paraíba
Brasil Educação Mestrado Profissional em Políticas Públicas, Gestão e Avaliação da Educação UFPB |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | https://repositorio.ufpb.br/jspui/handle/123456789/20370 |
Resumo: | Information security is a topic that raises several concerns in the most diverse types of government organizations and entities in the search for means that offer guarantees of protection against any threats to confidentiality, integrity and availability of data, not only in the conventional environment, but also in the technology and its communication network. This research has as general objective to propose a model of information security management system (ISMS) based on the standards ABNT NBR ISO 27001 and ABNT NBR ISO 27002, having a qualitative approach, of the exploratory type, adopting as a means of information to compose its theoretical basis, documentary and bibliographic research. As a data collection instrument, the questionnaire was used, which aimed to identify the main threats to information security present in the study environment of this research, as well as to evaluate the knowledge of the collaborators regarding the theme. As part of the risk analysis process, the Facilitated Risk Analysis and Assessment Process (FRAAP) method was used, a methodology developed through qualitative methods that aims to ensure that risks related to information security are identified, documented and which controls should be established as a way to reduce risks to acceptable levels. It is expected to obtain answers to the problems inherent to information security, suggesting the adoption of an Information Security Management System (ISMS), based on the ABNT NBR ISO / IEC 27001 and 27002 standards, which will simplify the process of planning, implementation, critical analysis and modification of the system, helping to adopt a safety standard to be followed. |