Information security risk analysis: an integrated and simplified model of information security actions for Federal Institutions of Higher Education (IFES)
Year of defense: | 2022 |
---|---|
Lead author: | |
Advisor: | |
Defense committee: | |
Document type: | Thesis |
Access type: | Embargoed access |
Language: | por |
Defending institution: | Universidade Federal da Paraíba Brasil Ciência da Informação Programa de Pós-Graduação em Ciência da Informação UFPB |
Graduate program: | Not provided by the institution |
Department: | Not provided by the institution |
Country: | Not provided by the institution |
Keywords in Portuguese: | |
Access link: | https://repositorio.ufpb.br/jspui/handle/123456789/26291 |
Abstract: | Today's society has information as its transforming element. In the Federal Institutions of Higher Education (IFES) it could not be different, since the information flow has progressively become a structuring element. Therefore, identifying and addressing the security risks that affect these flows is a requirement for such organizations. However, the absence of information security (IS) actions in these institutions is, in general, due to the difficulty of applying the existing risk analysis models, which are considered the pillar of this process. This difficulty arises because the models are designed for more general purposes than the context of a university requires. The research set out to develop an integrated and simplified model of actions for risk analysis, specific to the context of the technology sectors of the IFES. After a systematic review of the literature, the internationally recognized framework OCTAVE Forte was chosen as the basis for the model, together with the federal government's information security standards and recommendations, which govern the bodies and entities of the Federal Public Administration on the subject of information security. To achieve this objective, applied research was carried out, classified as exploratory in its first phase and descriptive in its second phase, based on a mixed approach that combined qualitative and quantitative research techniques. The information was obtained through documentary research and an online survey. Content analysis and statistical analysis were used for data analysis. The aim was to identify the conceptual elements for the development of an integrated and simplified model of information security actions. The conceptual elements obtained in this thesis allowed the creation of the MISASI STI model, which can be used as a guide to explore and evaluate IS actions that exist and/or are necessary for the technology sectors of the IFES. This model was applied in a survey, used as the data collection instrument, which was sent to 102 IFES and remained available for just over 4 months. It obtained 101 respondents; however, only 32 completed the survey and had their responses analyzed. From the analysis of the data collected, it was possible to conclude that the state of IS in the IFES needs attention and support from top management because, although the rules list several applicable IS actions, the IFES mostly apply actions in an ad hoc way. The research concluded that it is possible to implement information security actions in the IFES in an integrated and simplified way; for this, however, the support of top management is essential, from financial support to the promotion of an IS culture, through awareness and qualification actions. |