Utilização do Linux como ferramanenta antivírus em redes corporativas

Apresentamos um sistema implementado em Linux® com o intuito de proteger redes contendo estações de trabalho Windows® contra agentes maliciosos. O sistema, denominado LIV - Linux® Integrated Viruswall, agrega características existentes em outras soluções e acrescenta novas funcionalidades. Uma das funcionalidades implementadas é a capacidade de detecção de estações de trabalho contaminadas tendo como base a análise do tráfego de rede. Outra é o uso de uma técnica denominada compartilhamento armadilha para identificar agentes maliciosos em propagação na rede local. Uma vez detectado um foco de contaminação, o LIV é capaz de isolá-lo da rede, contendo a difusão do agente malicioso. Resultados obtidos pelo LIV na proteção de uma rede corporativa demonstram a eficácia da análise do tráfego de rede como instrumento de detecção de agentes maliciosos, especialmente quando comparada a mecanismos tradicionais de detecção, baseados exclusivamente em assinaturas digitais de códigos maliciosos

Aspectos do gerenciamento de riscos de tecnologia da informação nas empresas: um estudo de caso múltiplos

The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process

Aspectos do gerenciamento de riscos de tecnologia da informação nas empresas: um estudo de caso múltiplos

The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process