878 resultados para ISO 27001
Resumo:
El presente proyecto presenta una introducción a los sistemas de gestión de la Seguridad de la Información (o SGSI) y describe el proceso de desarrollo de una herramienta informática de soporte a la implantación de forma fácil, eficaz y eficiente de un SGSI (se referirá a partir de ahora a esta herramienta como Herramienta de Implantación y Seguimiento de SGSI o HIS-SGSI) según lo definido por el estándar ISO/IEC 27001:2005.
Resumo:
60 p.
Resumo:
A informação é considerada hoje um dos maiores ativos nas organizações, e, como tal, necessita ser protegida de forma adequada às necessidades do negócio. Conforme o valor da informação cresce, aumenta também o interesse em interceptar e adulterar seu conteúdo, levando a um comprometimento dos sistemas que suportam o negócio. A Câmara dos Deputados é um dos órgãos integrantes do Poder Legislativo Brasileiro e cabe a ela representar o povo, legislar sobre os assuntos de interesse nacional e fiscalizar a aplicação dos recursos públicos. Por meio de seu Sistema Eletrônico de Votação, ocorrem votações em que são tomadas decisões que afetam a vida de toda a nação. Com o uso da pesquisa documental, realizada a partir de um estudo de caso efetuado com base na análise de documentos existentes no âmbito da Coordenação do Sistema Eletrônico de Votação, este trabalho pretende comparar os controles de segurança da informação em uso e os controles recomendados para obtenção da certificação ISO 27001, para que se dê transparência ao processo de votação. Este trabalho apresenta como resultado o percentual dos controles recomendados pela norma que estão em uso, permitindo demonstrar que a segurança da informação é seriamente considerada durante o processo eletrônico de votação no Plenário Ulysses Guimarães da Câmara dos Deputados.
Resumo:
This study examines the factors that influence public managers in the adoption of advanced practices related to Information Security Management. This research used, as the basis of assertions, Security Standard ISO 27001:2005 and theoretical model based on TAM (Technology Acceptance Model) from Venkatesh and Davis (2000). The method adopted was field research of national scope with participation of eighty public administrators from states of Brazil, all of them managers and planners of state governments. The approach was quantitative and research methods were descriptive statistics, factor analysis and multiple linear regression for data analysis. The survey results showed correlation between the constructs of the TAM model (ease of use, perceptions of value, attitude and intention to use) and agreement with the assertions made in accordance with ISO 27001, showing that these factors influence the managers in adoption of such practices. On the other independent variables of the model (organizational profile, demographic profile and managers behavior) no significant correlation was identified with the assertions of the same standard, witch means the need for expansion researches using such constructs. It is hoped that this study may contribute positively to the progress on discussions about Information Security Management, Adoption of Safety Standards and Technology Acceptance Model
Resumo:
This study examines the factors that influence public managers in the adoption of advanced practices related to Information Security Management. This research used, as the basis of assertions, Security Standard ISO 27001:2005 and theoretical model based on TAM (Technology Acceptance Model) from Venkatesh and Davis (2000). The method adopted was field research of national scope with participation of eighty public administrators from states of Brazil, all of them managers and planners of state governments. The approach was quantitative and research methods were descriptive statistics, factor analysis and multiple linear regression for data analysis. The survey results showed correlation between the constructs of the TAM model (ease of use, perceptions of value, attitude and intention to use) and agreement with the assertions made in accordance with ISO 27001, showing that these factors influence the managers in adoption of such practices. On the other independent variables of the model (organizational profile, demographic profile and managers behavior) no significant correlation was identified with the assertions of the same standard, witch means the need for expansion researches using such constructs. It is hoped that this study may contribute positively to the progress on discussions about Information Security Management, Adoption of Safety Standards and Technology Acceptance Model
Resumo:
Las redes de comunicaciones son muy importantes para las empresas. Se solicita una red de altas prestaciones que pueda llevar muchos sistemas sobre ella (cámaras de seguridad, video, voz, datos, SCADA, wifi). Ahora también necesitamos que la red sea segura. Cuando hablamos de seguridad no solo nos referimos a evitar ataques o virus, también hablamos de cómo puede afectarnos el incendio de un centro de proceso de datos. Basándonos en la ISO 27001:2013 daremos las principales pautas para que la gestión de esta red sea segura. En este trabajo hemos securizado una red universitaria que usa tecnología MPLS.
Resumo:
This study examines the factors that influence public managers in the adoption of advanced practices related to Information Security Management. This research used, as the basis of assertions, Security Standard ISO 27001:2005 and theoretical model based on TAM (Technology Acceptance Model) from Venkatesh and Davis (2000). The method adopted was field research of national scope with participation of eighty public administrators from states of Brazil, all of them managers and planners of state governments. The approach was quantitative and research methods were descriptive statistics, factor analysis and multiple linear regression for data analysis. The survey results showed correlation between the constructs of the TAM model (ease of use, perceptions of value, attitude and intention to use) and agreement with the assertions made in accordance with ISO 27001, showing that these factors influence the managers in adoption of such practices. On the other independent variables of the model (organizational profile, demographic profile and managers behavior) no significant correlation was identified with the assertions of the same standard, witch means the need for expansion researches using such constructs. It is hoped that this study may contribute positively to the progress on discussions about Information Security Management, Adoption of Safety Standards and Technology Acceptance Model
Resumo:
This paper researches the information security value in e-entrepreneurship by revising the literature that establishes the entrepreneurial domain and by relating it with the development of technological resources that create value for the customer in an online business. It details multiple paradigms regarding consumer’s values of information security, while relating them with common practices and previous researches in technological entrepreneurship. This research presents and discusses the benefits of information security standards in e-entrepreneurship. It details and discusses the ISO 27001 and PCI-DSS information security standards that can be used to differentiate security initiatives to achieve competitive advantage, while preserving information leadership as a critical resource for online business success. Based on the literature review, a theoretical research model is presented and research hypotheses are discussed. This model believes that information security affects information leadership and that information leadership, as a unique resource in e-business, contributes to e-entrepreneurship success. The adoption of information security standards affects customer’s trust in e-business, which also benefits e-entrepreneurial strategy.
Resumo:
48 p.
Resumo:
With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognized their responsibilities to safeguard physical and information assets. Security standards can be used as guideline or framework to develop and maintain an adequate information security management system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption. They are referred to as “common language of organizations around the world” for information security. With ISO/IEC 27001 companies can have their ISMS certified by a third-party organization and thus show their customers evidence of their security measures.
Resumo:
The effective implementation of such an ISO 9001 Quality Management System (QMS) in construction companies requires a proper and full implementation of the system to allow companies to improve the way they operate, by this means increasing profitability and market share, producing innovative and sustainable construction products, or improving employee and customer satisfaction. In light of this, this paper discusses the current status of QMS implementation, particularly related to the twenty elements of ISO 9001 within the grade 7 (G-7) category of Indonesian construction companies. A survey was conducted involving 403 respondents from 77 companies, to solicit an evaluation of the current implementation levels of the ISO 9001 elements. The survey findings indicated that for a large percentage of the sector surveyed they had ‘not so fully implemented’ the elements. Scrutiny of the data had also indicated elements that are ‘minimally implemented’, whilst none of the elements fell in the category of ‘fully implemented’. Based on these findings, it is suggested that the G-7 contractors may need to fully commit to practicing control of customer-supplied product and statistical techniques in order to enhance an effective implementation of ISO 9001 elements for ensuring better quality performance. These two elements are recognized as the least implemented of the quality elements.
Resumo:
The Midwest Independent Transmission System Operator (MISO) has experienced significant amounts of wind power development within the last decade. The MISO footprint spans the majority of the upper Midwest region of the country, from the Dakotas to Indiana and as far east as Michigan. These areas have a rich wind energy resource. States in the MISO footprint have passed laws or set goals that require load serving entities to supply a portion of their load using renewable energy. In order to meet these requirements, significant investments are needed to build the transmission infrastructure necessary to deliver the power from these often remote wind energy resources to the load centers. This paper presents some of the transmission planning related work done at MISO which was largely influenced by current and future needs for increased wind power generation in the footprint. Specifically, topics covered are generator interconnection, long-term planning coordination, and cost-allocation for new transmission lines.
Resumo:
The Midwestern US is a wind-rich resource and wind power is being developed in this region at a very brisk pace. Transporting this energy resource to load centers invariably requires massive transmission lines. This issue of developing additional transmission to support reliable integration of wind on to the power grid provides a multitude of interesting challenges spanning various areas of power systems such as transmission planning, real-time operations and cost-allocation for new transmission. The Midwest ISO as a regional transmission provider is responsible for processing requests to interconnect proposed generation on to the transmission grid under its purview. This paper provides information about some of the issues faced in performing interconnection planning studies and Midwest ISO's efforts to improve its generator interconnection procedures. Related cost-allocation efforts currently ongoing at the Midwest ISO to streamline integration of bulk quantities of wind power in to the transmission grid are also presented.
