Requisitos para contrata????o de servi??os em computa????o em nuvem pela Administra????o P??blica Federal

Lopes, Thiago Ferreira

27 August 2015

Submitted by Sara Ribeiro (sara.ribeiro@ucb.br) on 2017-04-17T19:05:19Z No. of bitstreams: 1 ThiagoFerreiraLopesDissertacao2015.pdf: 1405460 bytes, checksum: 129ad19fc44bf922d85dac42cc3ac6d8 (MD5) / Approved for entry into archive by Sara Ribeiro (sara.ribeiro@ucb.br) on 2017-04-17T19:05:40Z (GMT) No. of bitstreams: 1 ThiagoFerreiraLopesDissertacao2015.pdf: 1405460 bytes, checksum: 129ad19fc44bf922d85dac42cc3ac6d8 (MD5) / Made available in DSpace on 2017-04-17T19:05:40Z (GMT). No. of bitstreams: 1 ThiagoFerreiraLopesDissertacao2015.pdf: 1405460 bytes, checksum: 129ad19fc44bf922d85dac42cc3ac6d8 (MD5) Previous issue date: 2015-08-27 / The constantly rising business opportunities has forced IT to move toward an adaptive utility model by adopting the cloud computing model, in most cases, due to the speed and low cost offered by this model. However, there are still some issues that are not clear in the adoption of this model, both for customers and for service providers that still experience difficulties in specific segments calls that require the processing of large loads, specific issues related to security, laws and regulations. This research presents the specific requirements that must be considered in preparing the service contract with the cloud computing provider to the Federal Public Administration. With these requirements, evaluations were made of notices published in recent years in order to verify that the requirements were found used or not. / O constante aumento das possibilidades de neg??cio for??ou a tecnologia da informa????o a se mover em dire????o a um modelo de utilidade adaptativo com a ado????o do modelo de computa????o em nuvem, na maioria dos casos, devido ?? agilidade e baixo custo oferecidos por este modelo. Entretanto, ainda h?? pontos que n??o est??o claros na ado????o deste modelo, tanto para clientes quanto para os provedores do servi??o, que ainda demonstram dificuldades para atendimentos de segmentos espec??ficos que exigem o processamento de grandes cargas, quest??es espec??ficas relacionadas com a seguran??a, leis e regulamenta????es. Esta pesquisa apresenta os requisitos espec??ficos que devem ser considerados na elabora????o do contrato de servi??o com o provedor de computa????o em nuvem para os ??rg??os da Administra????o P??blica Federal. De posse destes requisitos, foram feitas avalia????es de editais publicados nos ??ltimos anos para verificar se os requisitos encontrados foram utilizados.

Computa????o em nuvem

Administra????o P??blica Federal

Seguran??a da informa????o

Nuvem p??blica

Modelo referencial de diretrizes de plano estrat??gico de tecnologia da informa????o para ??rg??os da Administra????o P??blica Federal

Costa, Michel Emerson Barros

07 July 2016

Submitted by Sara Ribeiro (sara.ribeiro@ucb.br) on 2017-04-20T17:54:32Z No. of bitstreams: 1 MichelEmersonBarrosCostaDissertacao2016.pdf: 2177480 bytes, checksum: 6a9a1551cb066a39fa3296ded8b1cd23 (MD5) / Approved for entry into archive by Sara Ribeiro (sara.ribeiro@ucb.br) on 2017-04-20T17:56:23Z (GMT) No. of bitstreams: 1 MichelEmersonBarrosCostaDissertacao2016.pdf: 2177480 bytes, checksum: 6a9a1551cb066a39fa3296ded8b1cd23 (MD5) / Made available in DSpace on 2017-04-20T17:56:23Z (GMT). No. of bitstreams: 1 MichelEmersonBarrosCostaDissertacao2016.pdf: 2177480 bytes, checksum: 6a9a1551cb066a39fa3296ded8b1cd23 (MD5) Previous issue date: 2016-07-07 / The Strategic Plan for Information Technology (PETI) is positioned between the Institutional Strategic Planning (PEI) and the Director Plan of Information Technology (PDTI) and seeks by strategic alignment, to meet in a long term, the strategic goals set by the organization, directing the actions to be carried out by the area of Information Technology. This research proposes a reference model that contain guidelines for preparation of the Strategic Plan of the Information Technology of the Federal Public Administration in Brazil (APF). The base of this study is the set of laws, guides, judgments of the TCU (Federal Court of Accounts of Brazil), audits of the CGU (Office of the Comptroller General), rules and national and international standards. The method used in this study was descriptive with qualitative approach, using the technique of content analysis based on a bibliographic search. The result of this work is the set of ten specific guidelines that compose the referential model of PETI Guidelines for APF, whose delimitation was taken through the identification and data extraction of the PETI of the organs of the APF, using the technique of content analysis. / O Plano Estrat??gico de Tecnologia da Informa????o (PETI) se posiciona entre o Planejamento Estrat??gico Institucional (PEI) e o Plano Diretor de Tecnologia da Informa????o (PDTI) e busca, por meio de alinhamento estrat??gico, atender a longo prazo os objetivos estrat??gicos definidos pela organiza????o, direcionando as a????es a serem executadas pela ??rea de Tecnologia da Informa????o. Esta pesquisa prop??e um modelo de refer??ncia de diretrizes para elabora????o do Plano Estrat??gico de Tecnologia da Informa????o no ??mbito da Administra????o P??blica Federal do Brasil (APF). A base desse estudo ?? o conjunto de leis, guias, ac??rd??os do TCU, auditorias da CGU, al??m de normas e padr??es nacionais e internacionais. O m??todo utilizado neste trabalho foi descritivo com abordagem qualitativa, aplicando a t??cnica de an??lise de conte??do com base na pesquisa bibliogr??fica realizada. O resultado do trabalho foi o conjunto de dez diretrizes espec??ficas, que comp??em o Modelo Referencial de Diretrizes de PETI para APF, cuja delimita????o se deu por meio da identifica????o e extra????o dos dados dos PETI dos ??rg??os da APF, utilizando a t??cnica de an??lise de conte??do.

Tecnologia da informa????o

Administra????o P??blica Federal

Modelo de governan??a de seguran??a da informa????o para a Administra????o P??blica Federal

Guimar??es, Rog??rio

29 June 2016

Submitted by Kelson Anthony de Menezes (kelson@ucb.br) on 2016-12-20T12:12:48Z No. of bitstreams: 1 RogerioGuimaraesDissertacao2016.pdf: 1465947 bytes, checksum: 6a9c619aff10ec7966c0a156dcc76b78 (MD5) / Made available in DSpace on 2016-12-20T12:12:48Z (GMT). No. of bitstreams: 1 RogerioGuimaraesDissertacao2016.pdf: 1465947 bytes, checksum: 6a9c619aff10ec7966c0a156dcc76b78 (MD5) Previous issue date: 2016-06-29 / The governance of information security and communication is a set of policies and processes which allows the institutions, public and private, to monitor, evaluate and direct its information assets management, therefore reducing risks against its integrity, confidentiality and availability, aligned with the business necessities, and increasing value, accomplishing benefits, mitigating risks and optimizing costs. This study aims to propose a framework of information security and communication governance for the Federal Government, adhering to Brazilian legal standards and compatible with the Information Security and Communication Strategy and Cybersecurity of the Public Federal Government 2015 ??? 2018, version 1.0. The literature review unveiled the lack of studies about information security and communication governance directed to the Federal Government. From the content analysis, considering specific criteria, and the DSIC ??? Information Security and Communication presidential department ??? norms, as well as the standard NBR ISO/IEC 27002:2013, and the NIST ??? National Institute of Standards and Technology ??? model, the proposed framework was submitted to the analysis of information security specialists of the Government (focus group). The aims of this study were achieved. However, it is expected, moreover, that the present study is able to promote and encourage new studies on the subject. / A governan??a de seguran??a da informa????o e comunica????o ?? um conjunto de pol??ticas e processos que permite que as institui????es, p??blicas ou privadas, monitorem, avaliem e direcionem a gest??o de seus ativos de informa????o, reduzindo os riscos ?? sua integridade, confidencialidade e disponibilidade, de forma alinhada com as necessidades de neg??cios, criando valor, realizando benef??cios, mitigando riscos e otimizando custos. Esta pesquisa tem por objetivo apresentar uma proposta de modelo de Governan??a de Seguran??a da Informa????o e Comunica????o (SIC) para a Administra????o P??blica Federal (APF), aderente ??s normas brasileiras e compat??vel com a Estrat??gia de Seguran??a da Informa????o e Comunica????es e de Seguran??a Cibern??tica da Administra????o P??blica Federal 2015 ??? 2018, vers??o 1.0. A revis??o de literatura revelou a car??ncia de estudos sobre governan??a de seguran??a da informa????o e comunica????o direcionados ?? Administra????o P??blica. Partindo da an??lise de conte??do, ?? luz de crit??rios espec??ficos, das normas emanadas do DSIC - Departamento de Seguran??a da Informa????o e Comunica????es da Presid??ncia da Rep??blica sobre o tema, da norma ABNT NBR ISO/IEC 27002:2013 e do modelo do NIST - National Institute of Standards and Technology, foi concebida uma proposta de modelo e submetida ?? avalia????o de especialistas (grupo focal) em SIC da APF. Os objetivos desta pesquisa foram atingidos e espera-se que esta sirva para promover e incentivar novos trabalhos sobre o tema.

Administra????o P??blica Federal

Proposta de Modelo de Governan??a

Gest??o do Conhecimento

Tecnologia da Informa????o