Bibliographic details
Year of defense: 2016
Main author: SOARES, Cleberton Carvalho
Advisor: SILVA, Paulo Caetano da
Examination committee: SILVA, Bruno Carreiro da; MACHADO, Glauco Jose Couri
Document type: Dissertation
Access type: Open access
Language: por
Defending institution: Universidade Salvador
Graduate program: Sistemas e Computação
Department: Sistemas e Computação
Country: Brazil
Keywords in Portuguese:
CNPq knowledge area:
Access link: http://teste.tede.unifacs.br:8080/tede/handle/tede/554
Abstract:
Information is an important variable in the corporate environment, potentially rich and important for strategic planning; therefore, it cannot be exposed to the risk of alteration or unauthorized access. Among the information technologies that manipulate and exchange information, Web technologies currently represent an increasingly used software development paradigm and use the Internet as the means of communication for exchanging information. However, the Internet is admittedly a hostile and unmanaged environment, which favors the use of techniques and strategies to exploit vulnerabilities that expose companies' information to severe risks, compromising their business. For Web applications to continue manipulating and exchanging confidential and sensitive information, higher levels of information security must be achieved. In this context, we propose in this dissertation a framework for information security management based on the recommendations of the ISO/IEC 27002:2013 standard and on the main risks currently found in Web applications. In the framework we propose processes and activities so that good practices and technologies are identified, integrated, institutionalized and regularly improved, in order to help resolve or mitigate the risks currently found in Web applications. To evaluate the proposal, we developed a questionnaire and applied it to professionals in the software engineering area, in order to identify their opinion on both the use of frameworks and the processes related to information security management. The results show that initiatives and proposals of structured frameworks are common in software engineering, and that research in the context of information security management remains important and should be encouraged in the development of systems, in particular for applications that use the Internet as a means for handling and exchanging confidential and sensitive information.