Information literacy: uma análise nas bibliotecas escolares da rede privada em Natal / RN

GUEDES, Clediane de Araújo; FARIAS, Gabriela Belmont de. Information literacy: uma análise nas bibliotecas escolares da rede privada em Natal / RN. Revista Digital de Biblioteconomia e Ciência da Informação, Campinas, v. 4, n. 2, p. 110-133, jan./jun. 2007

Aspectos do gerenciamento de riscos de tecnologia da informação nas empresas: um estudo de caso múltiplos

The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process

Fatores influenciadores da implementação de ações de gestão de segurança da informação :um estudo com executivos e gerentes de tecnologia da informação das empresas do Rio Grande do Norte

Information is one of the most valuable organization s assets, mainly on a global and highly competitive world. On this scenery there are two antagonists forces: on one side, organizations struggle for keeping protected its information, specially those considered as strategic, on the other side, the invaders, leaded by innumerous reasons - such as hobby, challenge or one single protest with the intention of capturing and corrupting the information of other organizations. This thesis presents the descriptive results of one research that had as its main objective to identify which variables influence the Executives´ and CIOs´ perceptions toward Information Security. In addition, the research also identified the profile of Rio Grande do Norte s organizations and its Executives/CIOs concerning Information Security, computed the level of agreement of the respondents according to NBR ISO/IEC 17799 (Information technology Code of practice for information security management) on its dimension Access Control. The research was based on a model, which took into account the following variables: origin of the organization s capital, sector of production, number of PCs networked, number of employees with rights to network, number of attacks suffered by the organizations, respondent´s positions, education level, literacy on Information Technology and specific training on network. In the goal´s point of view, the research was classified as exploratory and descriptive, and, in relation of the approach, quantitative. One questionnaire was applied on 33 Executives and CIOs of the 50 Rio Grande do Norte s organizations that collected the highest taxes of ICMS - Imposto sobre Circulação de Mercadorias on 2000. After the data collecting, cluster analysis and chi-square statistical tools were used for data analysis. The research made clear that the Executives and CIOs of Rio Grande do Norte s organizations have low level of agreement concerning the rules of the NBR ISO/IEC 17799. It also made evident that the Executives and CIOs have its perception toward Information Security influenced by the number of PCs networked and by the number of attacks suffered by the organizations

Segurança da informação no correio eletrônico com base na ISO/IEC 17799 :um estudo de caso em uma instituição superior com foco no treinamento

The electronic mail service is one of the most Internet services that grow in the corporate environment. This evolution is bringing several problems for the organizations, especially to information that circulates inside of the corporate net. The lack of correct orientation to the people, about the usage and the security importance of these resources, is leaving breaches and causing misusage and overuse of service, for example. In recent literature, it starts to coming out several ideas, which has helped to rganizations how to plain and how to implement the information security system to the electronic mail in computer environment. However, these ideas are still not placed in practice in many companies, public or private. This dissertation tries to demonstrate the results of a research that has like goal, identify the importance that user training has over the information security policy, through a case study inside of private superior education institute in this state. Besides, this work had by basic orientation the ISO/IEC 17799, which talk about People Security. This study was developed over a proposed model to this research, which looked for offer conditions to guide the institution studied, how to plan better a information security policy to the electronic mail. Also, this research has an exploratory and descreptive nature and your type, qualitative. Firstly, it was applied na questionary to the information technology manager, as better way to get some general data and to deepen the contact which still then, it was being kept through e-mail. Thereupon this first contact, eleven interviews were done with the same manager, beside one interview with twenty-four users, among employees e students. After that to collect and transcript the interviews, were review with the manager all informations given, to correct any mistakes and to update that informations, to then, start the data analyze. The research suggests that the institution has a pro attitude about the information security policy and the electronic mail usage. However, it was clear that answers have their perception about information security under a very inexperient way, derived of a planning lack in relation to training program capable to solve the problem