Um modelo de confiança para o ambiente de computação em nuvem

Este artigo apresenta uma proposta de um modelo de gestão contendo requisitos relacionados com a confiabilidade dos sistemas no ambiente de Computação em Nuvem (CN). A proposta teve como base uma revisão da literatura sobre os problemas, desafios e estudos que estão em curso relacionados com a segurança e confiabilidade de aplicações e Sistemas de Informações (SI) neste ambiente tecnológico. Nesta revisão bibliográfica são abordados os entraves e desafios atualmente existentes na visão de conceituados autores sobre o tema. Estas questões foram abordadas e estruturadas na forma de um modelo, denominado de “Modelo de Confiança para o ambiente de Computação em Nuvem”. Trata-se de uma proposta proativa que tem por objetivo organizar e discutir soluções de gestão para o ambiente de CN com uma maior confiabilidade para a operacionalização das aplicações de SI, tanto por parte dos provedores como também dos seus clientes.

A trust model for cloud computing environment

This paper presents a proposal for a management model based on reliability requirements concerning Cloud Computing (CC). The proposal was based on a literature review focused on the problems, challenges and underway studies related to the safety and reliability of Information Systems (IS) in this technological environment. This literature review examined the existing obstacles and challenges from the point of view of respected authors on the subject. The main issues are addressed and structured as a model, called "Trust Model for Cloud Computing environment". This is a proactive proposal that purposes to organize and discuss management solutions for the CC environment, aiming improved reliability of the IS applications operation, for both providers and their customers. On the other hand and central to trust, one of the CC challenges is the development of models for mutual audit management agreements, so that a formal relationship can be established involving the relevant legal responsibilities. To establish and control the appropriate contractual requirements, it is necessary to adopt technologies that can collect the data needed to inform risk decisions, such as access usage, security controls, location and other references related to the use of the service. In this process, the cloud service providers and consumers themselves must have metrics and controls to support cloud-use management in compliance with the SLAs agreed between the parties. The organization of these studies and its dissemination in the market as a conceptual model that is able to establish parameters to regulate a reliable relation between provider and user of IT services in CC environment is an interesting instrument to guide providers, developers and users in order to provide services and secure and reliable applications.

Implementação de um sistema de customer relationship management na broaden information solutions

Dissertação de mestrado em Sistemas de Informação

Insider threats: the major challenge to security risk management

Security risk management is by definition, a subjective and complex exercise and it takes time to perform properly. Human resources are fundamental assets for any organization, and as any other asset, they have inherent vulnerabilities that need to be handled, i.e. managed and assessed. However, the nature that characterize the human behavior and the organizational environment where they develop their work turn these task extremely difficult, hard to accomplish and prone to errors. Assuming security as a cost, organizations are usually focused on the efficiency of the security mechanisms implemented that enable them to protect against external attacks, disregarding the insider risks, which are much more difficult to assess. All these demands an interdisciplinary approach in order to combine technical solutions with psychology approaches in order to understand the organizational staff and detect any changes in their behaviors and characteristics. This paper intends to discuss some methodological challenges to evaluate the insider threats and its impacts, and integrate them in a security risk framework, that was defined according to the security standard ISO/IEC_JTC1, to support the security risk management process.

Systematic design analysis and risk management on engineered nanoparticles occupational exposure

The production of nanotechnology-based products is increasing, along with the conscience of the possible harmful effects of some nanomaterials. The “safety-by-design” approaches are getting attention as helpful tools to develop safer products and production processes. The Systematic Design Analysis Approach could help to identify the solutions to control the workplace risks by defining the emission and exposure scenarios and the possible barriers to interrupt them. By applying this approach in a photocatalytic ceramic tiles development project it was possible to identify relevant nanoparticles emission scenarios and related barriers, and defining possible ways to reduce it.

Analysis of portuguese residential buildings’ needs and proposed solutions

The Portuguese housing sector experienced a significant growth throughout the 20th century, particularly in the last quarter, after the democratic revolution in 1974. In fact, the number of buildings built between 1970 and 1990 is more than one third of the buildings actually existing in Portugal. Therefore most of them were built before the publication of the first regulation concerning the energy efficiency in buildings. Regarding this scenario, it would be expected that rehabilitation activities would represent most of the current construction activities. However, given some remaining barriers from old social policies, this situation is not observed; actually building retrofitting is the least significant sector, accentuating the degradation level of major part of the Portuguese housing stock. Several studies show that the main problems are found in the buildings envelope elements, such as roofs and façades. Based on this context, the aim of this paper is to introduce some examples of building retrofitting systems that, adapted to the Portuguese main needs and requirements may represent sustainable solutions to overcome the identified needs of Portuguese buildings' envelope.

Corporate Performance Management através da integração de Business Intelligence e Business Process Management

Dissertação de mestrado integrado em Engenharia e Gestão de Sistemas de Informação