22 resultados para information security management system
em Universidade Federal do Rio Grande do Norte(UFRN)
Resumo:
This study examines the factors that influence public managers in the adoption of advanced practices related to Information Security Management. This research used, as the basis of assertions, Security Standard ISO 27001:2005 and theoretical model based on TAM (Technology Acceptance Model) from Venkatesh and Davis (2000). The method adopted was field research of national scope with participation of eighty public administrators from states of Brazil, all of them managers and planners of state governments. The approach was quantitative and research methods were descriptive statistics, factor analysis and multiple linear regression for data analysis. The survey results showed correlation between the constructs of the TAM model (ease of use, perceptions of value, attitude and intention to use) and agreement with the assertions made in accordance with ISO 27001, showing that these factors influence the managers in adoption of such practices. On the other independent variables of the model (organizational profile, demographic profile and managers behavior) no significant correlation was identified with the assertions of the same standard, witch means the need for expansion researches using such constructs. It is hoped that this study may contribute positively to the progress on discussions about Information Security Management, Adoption of Safety Standards and Technology Acceptance Model
Resumo:
Information is one of the most valuable organization s assets, mainly on a global and highly competitive world. On this scenery there are two antagonists forces: on one side, organizations struggle for keeping protected its information, specially those considered as strategic, on the other side, the invaders, leaded by innumerous reasons - such as hobby, challenge or one single protest with the intention of capturing and corrupting the information of other organizations. This thesis presents the descriptive results of one research that had as its main objective to identify which variables influence the Executives´ and CIOs´ perceptions toward Information Security. In addition, the research also identified the profile of Rio Grande do Norte s organizations and its Executives/CIOs concerning Information Security, computed the level of agreement of the respondents according to NBR ISO/IEC 17799 (Information technology Code of practice for information security management) on its dimension Access Control. The research was based on a model, which took into account the following variables: origin of the organization s capital, sector of production, number of PCs networked, number of employees with rights to network, number of attacks suffered by the organizations, respondent´s positions, education level, literacy on Information Technology and specific training on network. In the goal´s point of view, the research was classified as exploratory and descriptive, and, in relation of the approach, quantitative. One questionnaire was applied on 33 Executives and CIOs of the 50 Rio Grande do Norte s organizations that collected the highest taxes of ICMS - Imposto sobre Circulação de Mercadorias on 2000. After the data collecting, cluster analysis and chi-square statistical tools were used for data analysis. The research made clear that the Executives and CIOs of Rio Grande do Norte s organizations have low level of agreement concerning the rules of the NBR ISO/IEC 17799. It also made evident that the Executives and CIOs have its perception toward Information Security influenced by the number of PCs networked and by the number of attacks suffered by the organizations
Resumo:
This study examines the factors that influence public managers in the adoption of advanced practices related to Information Security Management. This research used, as the basis of assertions, Security Standard ISO 27001:2005 and theoretical model based on TAM (Technology Acceptance Model) from Venkatesh and Davis (2000). The method adopted was field research of national scope with participation of eighty public administrators from states of Brazil, all of them managers and planners of state governments. The approach was quantitative and research methods were descriptive statistics, factor analysis and multiple linear regression for data analysis. The survey results showed correlation between the constructs of the TAM model (ease of use, perceptions of value, attitude and intention to use) and agreement with the assertions made in accordance with ISO 27001, showing that these factors influence the managers in adoption of such practices. On the other independent variables of the model (organizational profile, demographic profile and managers behavior) no significant correlation was identified with the assertions of the same standard, witch means the need for expansion researches using such constructs. It is hoped that this study may contribute positively to the progress on discussions about Information Security Management, Adoption of Safety Standards and Technology Acceptance Model
Resumo:
Attacks to devices connected to networks are one of the main problems related to the confidentiality of sensitive data and the correct functioning of computer systems. In spite of the availability of tools and procedures that harden or prevent the occurrence of security incidents, network devices are successfully attacked using strategies applied in previous events. The lack of knowledge about scenarios in which these attacks occurred effectively contributes to the success of new attacks. The development of a tool that makes this kind of information available is, therefore, of great relevance. This work presents a support system to the management of corporate security for the storage, retrieval and help in constructing attack scenarios and related information. If an incident occurs in a corporation, an expert must access the system to store the specific attack scenario. This scenario, made available through controlled access, must be analyzed so that effective decisions or actions can be taken for similar cases. Besides the strategy used by the attacker, attack scenarios also exacerbate vulnerabilities in devices. The access to this kind of information contributes to an increased security level of a corporation's network devices and a decreased response time to occurring incidents
Resumo:
MEDEIROS, Adelardo A. D. et al. SISAL - Um Sistema Supervisório para Elevação Artificial de Petróleo. In: Rio Oil and Gas Expo Conference, 2006, Rio de Janeiro, RJ. Anais... Rio de Janeiro, 2006.
Resumo:
The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process
Resumo:
This work aims to analyze risks related to information technology (IT) in procedures related to data migration. This is done considering ALEPH, Integrated Libray System (ILS) that migrated data to the Library Module present in the software called Sistema Integrado de Gestão de Atividades Acadêmicas (SIGAA) at the Zila Mamede Central Library at the Federal University of Rio Grande do Norte (UFRN) in Natal/Brazil. The methodological procedure used was of a qualitative exploratory research with the realization of case study at the referred library in order to better understand this phenomenon. Data collection was able once there was use of a semi-structured interview that was applied with (11) subjects that are employed at the library as well as in the Technology Superintendence at UFRN. In order to examine data Content analysis as well as thematic review process was performed. After data migration the results of the interview were then linked to both analysis units and their system register with category correspondence. The main risks detected were: data destruction; data loss; data bank communication failure; user response delay; data inconsistency and duplicity. These elements point out implication and generate disorders that affect external and internal system users and lead to stress, work duplicity and hassles. Thus, some measures were taken related to risk management such as adequate planning, central management support, and pilot test simulations. For the advantages it has reduced of: risk, occurrence of problems and possible unforeseen costs, and allows achieving organizational objectives, among other. It is inferred therefore that the risks present in data bank conversion in libraries exist and some are predictable, however, it is seen that librarians do not know or ignore and are not very worried in the identification risks in data bank conversion, their acknowledge would minimize or even extinguish them. Another important aspect to consider is the existence of few empirical research that deal specifically with this subject and thus presenting the new of new approaches in order to promote better understanding of the matter in the corporate environment of the information units
Resumo:
In the operational context of industrial processes, alarm, by definition, is a warning to the operator that an action with limited time to run is required, while the event is a change of state information, which does not require action by the operator, therefore should not be advertised, and only stored for analysis of maintenance, incidents and used for signaling / monitoring (EEMUA, 2007). However, alarms and events are often confused and improperly configured similarly by developers of automation systems. This practice results in a high amount of pseudo-alarms during the operation of industrial processes. The high number of alarms is a major obstacle to improving operational efficiency, making it difficult to identify problems and increasing the time to respond to abnormalities. The main consequences of this scenario are the increased risk to personal safety, facilities, environment deterioration and loss of production. The aim of this paper is to present a philosophy for setting up a system of supervision and control, developed with the aim of reducing the amount of pseudo-alarms and increase reliability of the information that the system provides. A real case study was conducted in the automation system of the offshore production of hydrocarbons from Petrobras in Rio Grande do Norte, in order to validate the application of this new methodology. The work followed the premises of the tool presented in ISA SP18.2. 2009, called "life cycle alarm . After the implementation of methodology there was a significant reduction in the number of alarms
Resumo:
The present work, based on the methodological principles of the Comprehensive Discourse Analysis, aimed, through the speech of twelve newly arrived students at the Pedagogy course of the Federal University of Rio Grande do Norte, to understand the moment students start university. It also aimed to analyze the relationship between the schools they were coming from and university entrance as well as the relationship between university and their new students. In the first part of the work, which focused on school knowledge, a comprehensive listening of the speeches of the students led primarily to a distinction, established by the students, between public and private schools, a distinction especially based on the view of superiority of private schools against public ones. The abovementioned interpretation is found in the discussion of the structural duality of Brazilian education which, historically, offers different pedagogical appliances among students of more priviledged social classes and those who come from lower levels of society. The overcome of this duality, aspired by the Brazilian Constitution of 1988, was stopped by the advent of a new economic model neoliberalism, which reinforced the differences between public and private when it prioritized the market on the economic, political and social relations, including educational projects. Impoverishment of public institutions and pauperization of the work of professors affected also the relationship between teachers and studens at the current institution. This is how the teacher becomes the greatest villain at the public management system. All of these references concerning differences in the quality of teaching at public and private schools, expressed by the students interviewed, however, were centered in the preparation for the entrance exam, called vestibular, thus showing a view that the relationship between the student and the school he came from is of a propedeutic kind and even so, reduced to a preparation for an entrance exam. In the second part of the work, which analyzed the relationship between newly arrived students and their university, it was noticed that the latter represents a whole new world. This world is seen as the change at the student´s social statute for now he is grown, takes more responsibilities and is socially respected. This change of attitude established by society and the discovery of a new world which requires more independence from the students, creates in them feelings of pride and fear and they feel insecure when it comes to making decision in the campus because now their decisions deliver a greater load of responsibility. This is when students understand they need to develop autonomy, which is seen, in this work, as the capacity to make conscious decisions. Nevertheless students expressed an understanding of autonomy as something that comes as a gift for those who enter university and not as a process that is constructed from social experiences. For these students, the need to be autonomous refers to the relationships with their teachers and the search for information. This search, however, is also related, according to interviews, to public school financial cuts, which penalize university, and to the lack of employers
Resumo:
This research has aimed at studying the perception of University Hospital Onofre Lopes (HUOL) s workers on the environmental management plan of RSSS. They have been interviewed 250 workers: doctors, nurses, nursing assistants, and cleaners. It was used an exploratory and descriptive research of the type Survey, which aims at obtaining of data or information on characteristics, actions or opinions of any group of people. The questions of the questionnaire were of the kind objective", formulated in a model "scale", analyzed in according to the positioning of the interviewee. The wastes of health service have high potential for environmental impact in the activities from HUOL. Actions or environmental protective policy can improve the image of HUOL. They have been detected divergences on the rigor in application of law of ANVISA. The HUOL s workers unaware of the law of ANVISA and they have little or no knowledge about the practices of environmental control, public health and, they do not know the Environmental Management System ISO 14001. They have divergent views on the degree of importance of ISO 14001. There is not a Waste Management Plan for Health Service and / or is not disclosed for most of HUOL workers. It has not carried out audits or defined the goals and objectives. Besides, it has not been identified legal requirements, and there has not been communication about the service is performed or has been made a critical analysis and no control of documents the environmental management plan. The HUOL have not had a committee of environmental management. The direction of HUOL has not been organized courses, training and recycling of waste on environmental control of the health service. On a scale from 01 to 05, the level of aware level concerning to the waste management from health services of the workers, so is at the threshold between 01 and 02. For the reversal of this situation, the first and urgent step is the creation and institutionalization the environmental management committee of the University Hospital Onofre Lopes
Resumo:
This work has as its main purpose to set a model of Quality Management for micro and small companies integrating the management models: Six Sigma strategy to NBR ISO 9001:2000. An exploratory research is developed to collect technical and bibliographical information on both methods, emphasizing their integration. Then, a survey is carried out on 65 analysts/consultants of Quality Management Systems and it has detected, besides other factors, that current methodologies must be associated in order to reach better results. At last, it proposes the Sigma 9001 model, which aims to make it possible for micro and small companies to objectively and with low costs, implement a Quality Management System, able to assure competitive advantage through improvement identification in the processes, as well as an improvement in the companies management
Resumo:
This work discusses the environmental management thematic, on the basis of ISO 14001 standard and learning organization. This study is carried through an exploratory survey in a company of fuel transport, located in Natal/RN. The objective of this research was to investigate the practices of environmental management, carried through in the context of an implemented ISO 14001 environmental management system, in the researched organization, from the perspective of the learning organization. The methodology used in this work is supported in the quantitative method, combining the exploratory and descriptive types, and uses the technique of questionnaires, having as scope of the research, the managers, employee controlling, coordinators, supervisors and - proper and contracted - of the company. To carry through the analysis of the data of this research, it was used software Excel and Statistical version 6.0. The analysis of the data is divided in two parts: descriptive analysis and analysis of groupings (clusters). The results point, on the basis of the studied theory, as well as in the results of the research, that the implemented ISO 14001 environmental system in the searched organization presents elements that promote learning organization. From the results, it can be concluded that the company uses external information in the decision taking on environmental problems; that the employees are mobilized to generate ideas and to collect n environmental information and that the company has carried through partnerships in the activities of the environmental area with other companies. All these item cited can contribute for the generation of knowledge of the organization. It can also be concluded that the company has evaluated environmental errors occurrences in the past, as well as carried through environmental benchmarking. These practical can be considered as good ways of the company to acquire knowledge. The results also show that the employees have not found difficulties in the accomplishment of the tasks when the manager of its sector is not present. This result can demonstrate that the company has a good diffusion of knowledge
Resumo:
The electronic mail service is one of the most Internet services that grow in the corporate environment. This evolution is bringing several problems for the organizations, especially to information that circulates inside of the corporate net. The lack of correct orientation to the people, about the usage and the security importance of these resources, is leaving breaches and causing misusage and overuse of service, for example. In recent literature, it starts to coming out several ideas, which has helped to rganizations how to plain and how to implement the information security system to the electronic mail in computer environment. However, these ideas are still not placed in practice in many companies, public or private. This dissertation tries to demonstrate the results of a research that has like goal, identify the importance that user training has over the information security policy, through a case study inside of private superior education institute in this state. Besides, this work had by basic orientation the ISO/IEC 17799, which talk about People Security. This study was developed over a proposed model to this research, which looked for offer conditions to guide the institution studied, how to plan better a information security policy to the electronic mail. Also, this research has an exploratory and descreptive nature and your type, qualitative. Firstly, it was applied na questionary to the information technology manager, as better way to get some general data and to deepen the contact which still then, it was being kept through e-mail. Thereupon this first contact, eleven interviews were done with the same manager, beside one interview with twenty-four users, among employees e students. After that to collect and transcript the interviews, were review with the manager all informations given, to correct any mistakes and to update that informations, to then, start the data analyze. The research suggests that the institution has a pro attitude about the information security policy and the electronic mail usage. However, it was clear that answers have their perception about information security under a very inexperient way, derived of a planning lack in relation to training program capable to solve the problem
Resumo:
The knowledge management has received major attention from product designers because many of the activities within this process have to be creative and, therefore, they depend basically on the knowledge of the people who are involved in the process. Moreover, Product Development Process (PDP) is one of the activities in which knowledge management manifests in the most critical form once it had the intense application of the knowledge. As a consequence, this thesis analyzes the knowledge management aiming to improve the PDP and it also proposes a theoretical model of knowledge management. This model uses five steps (creation, maintenance, dissemination, utilization and discard) through the verification of the occurrence of four types of knowledge conversion (socialization, externalization, combination and internalization) that it will improve the knowledge management in this process. The intellectual capital in Small and Medium Enterprises (SMEs) managed efficiently and with the participation of all employees has become the mechanism of the creation and transference processes of knowledge, supporting and, consequently, improving the PDP. The expected results are an effective and efficient application of the proposed model for the creation of the knowledge base within an organization (organizational memory) aiming a better performance of the PDP. In this way, it was carried out an extensive analysis of the knowledge management (instrument of qualitative and subjective evaluation) within the Design department of a Brazilian company (SEBRAE/RN). This analysis aimed to know the state-of-the-art of the Design department regarding the use of knowledge management. This step was important in order to evaluate in the level of the evolution of the department related to the practical use of knowledge management before implementing the proposed theoretical model and its methodology. At the end of this work, based on the results of the diagnosis, a knowledge management system is suggested to facilitate the knowledge sharing within the organization, in order words, the Design department
Resumo:
The pressure for a new pattern of sustainable development began to require of modern organizations the conciliation between competitiveness and a environmental protection. In this sense, a tool that acts in the implementation of structured strategies is the Environmental Management System (EMS), which focuses on improving environmental performance. This improvement, in turn, can generate to the organizations many benefits , among which, obtaining competitive advantages, susceptible of measurement from different perspectives. One of these is the application of VRIO model, reasoned by the Resource-Based View (RBV), which considers that differences between companies occurs due to differences between its internal resources and capabilities. However, although was been found some studies in the literature that evaluate the competitive potential of certain organizations , such assessments are not performed on specific objects, like the SEM s. Thus, the aim of this study was to evaluate the resources and capabilities (environmental strategies) adopted by the SGA of the Verdegreen Hotel, identifying which of these have the potential to generate competitive advantage. For this, this exploratory-descriptive character study and delineated as field research and case study was used as data collection tools: a literature survey, semi-structured interviews, document research and participant observation. The interpretation of results and consolidation of information were conducted from a qualitative approach, using two techniques of data analysis, namely: content analysis and analysis through VRIO model. The results show that the hotel is quite structured in relation to their EMS, as well as reaching related to improving the management of environmental factors, strengthening the image and gains in competitiveness benefits. On the other hand, the main difficulties for the implementation of the system are related to employees and suppliers. With regard to environmental strategies adopted, of the 25 strategies identified, 10 showed the potential to generate competitive advantage
