NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 10
  • 3
  • 3
  • Tagged with
  • 24
  • 24
  • 24
  • 13
  • 10
  • 7
  • 7
  • 6
  • 5
  • 5
  • 5
  • 5
  • 5
  • 5
  • 4
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 11 to 20 of 24 (0.148 seconds)

Spelling suggestions: "subject:"forminformation security policy"" "subject:"informationation security policy""

11

The Impact of Affective Flow on Information Security Policy Compliance

Ormond, Dustin K 15 August 2014 (has links)
Information system security literature has primarily focused on cognitive processes and their impact on information security policy noncompliance behavior. Specific cognitive theories that have been applied include planned behavior, rational choice, deterrence, neutralization, and protection motivation. However, affective processes may better determine misuse or information security policy noncompliance than cognitive processes. The purpose of this dissertation is to evaluate the impact of affective absorption (i.e. the trait or disposition to become deeply involved with one’s emotions) and affective flow (i.e. a state of deep involvement with one’s emotions) on cognitive processes in the context of attitude toward and compliance with information security policies. In essence, individuals with high levels of negative affective absorption may be more prone to experience negative affective flow which may lead to deviant behavior such as misuse of organizational information or noncompliance with information security policy. The proposed conceptual model is evaluated using the classical experimental design through a laboratory experiment. A preliminary investigation (e.g. expert panel reviews, pre-test, and pilot studies) is conducted to ensure measurement validity. During the main investigation, the proposed model and hypotheses are tested. Driven by theory, an alternative model is proposed and tested. The findings of this study underscore the need for understanding affective processes with regard to information security policy compliance behavior. By evaluating both cognitive and affective processes, we gain a more holistic understanding pertaining to information security decision making. This study contributes to information systems security literature by introducing two new constructs, affective absorption and affective flow. In addition, it asserts the need to capture actual behavior in information security research. The findings also contribute to practice by indicating that organizations should (1) include affect in their security, education, training, and awareness programs, (2) focus on eliminating frustrating tasks or reducing frustration caused by these tasks, and (3) induce positive affect through monitoring employee affect levels, identifying areas that need correction, and quickly responding to issues prior to deviance.
compliance
attitude
affective flow
affective absorption
affect
future compliance intention
information security policy
negative affect
organizational injustice
12

The Impact of Awareness of Being Monitored on Internet Usage Policy Compliance: An Agency and Stewardship View

Summers, Nirmalee 14 August 2015 (has links)
Internet usage has become a norm in most organizations where organizations have started monitoring employee, Internet usage, e-mail communications, social network usage and etc. With the increased Internet usage, Internet misuse by employees has increased the potential for security vulnerabilities for these organizations. Organizations have established various security countermeasures such as sanctions, incentives, and Internet usage policies in order to prevent Internet misuse and protect the organizational information assets. However, it is important for organizations to understand whether these Internet usage polices are effective in mitigating the threats towards Internet misuse. Therefore, this dissertation investigates the impact of different countermeasures such as sanctions, incentives and awareness of being monitored on Internet usage policy compliance. Furthermore, it investigates the impact of organizational stewardship culture consisting of collectivism and low power distance, on Internet usage policy compliance behavior. A research model was developed to test the influence of penalties (sanction severity, sanction certainty, sanction celerity), incentives, collectivism and power distance on Internet usage policy compliance intention. Furthermore, it investigates the impact of awareness of being monitored which has not received much attention from information security researchers. In order to test the hypothesized relationships in the research model, data was collected utilizing an online survey through an online survey panel provider, Amazon Mechanical Turk. The findings indicate that, sanction certainty, awareness of being monitored, collectivism and power distance have a significant influence on Internet usage policy compliance intention of the sample population. Additionally, when employees are aware that they are being monitored, it increases the effectiveness of sanction severity and celerity. This dissertation makes several contributions to research and practitioners. It contributes to research by investigating the impact of two contrasting theories where agency theory assumes that employees are motivated through extrinsic factors whereas stewardship theory assumes that they are motivated through intrinsic means (organizational stewardship culture). It contributes to practitioners as well by highlighting the importance of controls such as computer monitoring, swift punishments in protecting organizational assets. As the results suggest, apart from the controls, organizational stewardship culture can play an important role in mitigating some of these threats as well.
Information Security Policy Compliance
Internet Usage Policy Compliance
Sanction Celerity
Agency Theory
Stewardship Theory
Deterrence Theory
Sanction Severity
Sanction Certainty
13

An Analysis of the Impact of Information Security Policies on Computer Security Breach Incidents in Law Firms

Heikkila, Faith M. 01 January 2009 (has links)
Law firms maintain and store voluminous amounts of highly confidential and proprietary data, such as attorney-client privileged information, intellectual properties, financials, trade secrets, personal, and other sensitive information. There is an ethical obligation to protect law firm client data from unauthorized access. Security breaches jeopardize the reputation of the law firm and could have a substantial financial impact if these confidential data are compromised. Information security policies describe the security goals of a law firm and the acceptable actions and uses of law firm information resources. In this dissertation investigation, the author examined the problem of whether information security policies assist with preventing unauthorized parties from accessing law firm confidential and sensitive information. In 2005, Doherty and Fulford performed an exploratory analysis of security policies and security breach incidents that highlighted the need for research with different target populations. This investigation advanced Doherty and Fulford's research by targeting information security policies and security breach incidents in law firms. The purpose of this dissertation investigation was to determine whether there is a correlation between the timing of security policy development (proactive versus reactive policy development) and the frequency and severity of security breach incidents in law firms of varying sizes. Outcomes of this investigation correlated with Doherty and Fulford's general findings of no evidence of statistically significant relationships between the existence of a written information security policy and the frequency and severity of security breach incidents within law firms. There was also a weak relationship between infrequency of information security policy updates and increase of theft resources. Results demonstrated that, generally, written information security policies in law firms were not created in response to a security breach incident. These findings suggest that information security policies generally are proactively developed by law firms. Important contributions to the body of knowledge from this analysis included the effectiveness of information security policies in reducing the number of computer security breach incidents of law firms, an under represented population, in the information assurance field. Also, the analysis showed the necessity for law firms to become more immersed in state security breach notification law requirements.
computer security breach
data breach incidents
information security policy
law firms
personally identifiable information
state security breach notification laws
Computer Sciences
14

POLÍTICA DE SEGURANÇA DA INFORMAÇÃO: UMA ESTRATÉGIA PARA GARANTIR A PROTEÇÃO E A INTEGRIDADE DAS INFORMAÇÕES ARQUIVÍSTICAS NO DEPARTAMENTO DE ARQUIVO GERAL DA UFSM / INFORMATION SECURITY POLICY: A STRATEGY TO ENSURE THE SECURITY AND INTEGRITY OF THE DEPARTMENT OF ARCHIVAL INFORMATION IN THE GENERAL ARCHIVING DEPARTMENT OF THE UFSM

Sfreddo, Josiane Ayres 06 December 2012 (has links)
Presents a study on information security in order to propose an Information Security Policy for the Department of General Archives (DAG), Federal University of Santa Maria (UFSM) as a way of enabling the protection, availability and secure access to archival information (not digital), in the university context. It is characterized as an exploratory qualitative approach, assuming a case study form, because it involves the study of a certain subject allowing its wide and detailed knowledge. It was first conducted a more detailed study of the Standard ISO/IEC 27002 which is a code of practice for information security, providing guidelines for the implementation of an Information Security Policy, based on regulations according to the institutional purposes. The study aimed, at first, to adapt the requirements and controls present in this standard archival context, focusing on the protection of not digital information, a research in the Heritage Documentary line. Thus, the adaptation of the standard for archival followed the structure of the original standard, seeking to provide for the archival institutions a tool to subsidize the development of an Information Security Policy, providing a more secure and reliable protection. In order to compose this policy a data collection was carried out through interviews, structured within questions about security information, based on the standard ISO/IEC 27002, on the previous study and the Adaptation of the Standard for the archival context. With the data collected and analyzed, along with the DAG, it can be verified that the problems causer of threats to the security of not digital archives in the department are directly related to the lack of security to the perimeter and to the absence of a physical control, including entries and exits. These security actions made it possible, together with the adaption of the standard, to propose control in order to prevent further incidents. This way it was possible to structure the Document of the Security Policy representing the materialization of the Security Policy according to the needs presented by DAG. This document will serve as an instrument to support and guide employees, users and third parties in the conduct of institutional activities. However, it is up to the department to approve it and implement it for the purpose of preventing incidents, thereby providing safe reliable and continuous access to not digital information by him guarded. / Apresenta um estudo sobre a segurança da informação a fim de propor uma Política de Segurança da Informação para o Departamento de Arquivo Geral (DAG) da Universidade Federal de Santa Maria (UFSM), possibilitando a proteção, a disponibilidade e o acesso seguro às informações arquivísticas (não digitais), no contexto universitário. Caracteriza-se como uma pesquisa exploratória com abordagem qualitativa, assumindo a forma de estudo de caso, pois envolve o estudo sobre um determinado assunto permitindo o seu amplo e detalhado conhecimento. Primeiramente foi realizado um estudo mais aprofundado da Norma ABNT NBR ISO/IEC 27002 que é um código de prática para a segurança da informação, apresentando diretrizes para a aplicação de uma Política de Segurança da Informação, baseada em regulamentos de acordo com os propósitos institucionais. O estudo objetivou, em um primeiro momento, adaptar os requisitos e controles presentes nessa norma ao contexto arquivístico, tendo como foco a proteção de informação não digital, caracterizando, deste modo, uma pesquisa na linha do Patrimônio Documental. Assim, a Adaptação da Norma para a arquivologia seguiu a estrutura da Norma original, buscando proporcionar às instituições arquivísticas um instrumento que subsidiasse a elaboração de uma Política de Segurança da Informação, possibilitando a proteção de informações não digitais de uma forma mais segura e confiável. Para a composição dessa Política, foi realizada a coleta de dados por meio de entrevista estruturada com questões sobre a segurança da informação, fundamentada na Norma ABNT NBR ISO/IEC 27002, tendo como base o estudo anterior e a Adaptação da Norma para o contexto arquivístico. Com a análise dos dados coletados junto ao DAG, podese verificar que os problemas que causam ameaças à segurança da informação não digital no departamento estão relacionados diretamente à deficiência dos perímetros de segurança e à inexistência de um controle de acesso físico incluindo entradas e saídas. A partir dessas ações de segurança, foi possível, juntamente com a Adaptação da Norma, propor controles a serem aplicados a fim de evitar a ocorrência de novos incidentes. Dessa forma, foi possível estruturar o Documento da Política de Segurança da Informação representando a materialização da Política de Segurança de acordo com as necessidades apresentadas pelo DAG. Esse documento servirá com um instrumento de apoio fundamental para instruir funcionários, usuários e terceiros na realização das atividades institucionais. No entanto, cabe ao departamento aprová-lo e implementá-lo, a fim de prevenir incidentes proporcionando, assim, acesso seguro, confiável e contínuo às informações não digitais por ele custodiadas.
Política de segurança da informação
Segurança da informação
Informação arquivística não digital
Patrimônio documental
Information security policy
Information security
Archival information not digital
Documentary heritage
CNPQ::CIENCIAS HUMANAS::HISTORIA
15

Information Security Culture and Threat Perception : Comprehension and awareness of latent threats in organisational settings concerned with information security

Lambe, Erik January 2018 (has links)
A new challenge for organisations in the 21st century is how they should ensure information security in a time and environment where the widespread use of Information Communication Technologies (ICTs), such as smartphones, means that information has been made vulnerable in numerous new ways. Recent research on information security has focused on information security culture and how to successfully communicate security standards within an organisation. This study aims to examine how latent threats to information security are conceptualised and examined within an organisation in which information security is important. Since threats posed by ICTs are said to be latent, this study wishes to explore in what ways an inclusion of threat conceptualisation can have in understanding what constitutes an efficacious information security culture when the intention is to ensure information security. The study focuses on the Swedish armed forces, and compare how threats to information security posed by interaction with private ICTs are communicated in information security policies and how they are conceptualised by the members of the organisation. Through interviews conducted with service members, the findings of this study indicate that it is possible to successfully communicate the contents of information security policies without mandating the members of the organisation to read the sources themselves. Furthermore, the study identified a feature of information security culture, in this paper called supererogatory vigilance to threats to information security, which might be of interest for future studies in this area, since it offers adaptive protection to new threats to information security that goes beyond what the established sources protects against.
Information security
information security culture
information security policy
administration
policy implementation
latent threats
ICT
dynamic frame analysis
Political Science
Statsvetenskap
16

Threats in Information Security : Beyond technical solutions. - Using Threat Tree Analysis / Hot mot Informationssäkerhet : Bortom tekniska lösningar. - Använda Hotträdsanalys

Olandersson, Sandra, Fredsson, Jeanette January 2001 (has links)
To be able to protect an organisation's resources, it is important to understand what there is to protect and what to protect it from. The first step is to try to analyse the security threats that exist against an organisation's resources to explore the risks. Threats have to be identified, for the organisation to protect its resources and find where the optimal placement against threats is. This thesis analysis whether it is possible to obtain a Threat Tree Analysis that is useful for developing an information security policy for the municipality in Ronneby, using the SS 62 77 99-1 standard. A co-operation between the technical solutions and the administrative security is necessary to achieve information security, together with ordinary common sense. True, each of these can help improve security, but none of them is a complete solution. Security is not a product - it is a process. Threat trees form the basis of understanding that process. In this thesis, we have been using a qualitative method. The analysis method is a case study at the Social Department, at the municipality in Ronneby. Through interviews it has come us to hand, that the organisation has not established an information security policy which should give the code of practice for how the work of information security will pursue within the organisation. The organisation does neither use a model for structuring threats nor a method for collecting threats against information today. Through the structure of possible threats, the personnel generates an understanding of the organisation and takes active part finding adequate threats within the Social Department. As users understand the importance of security, how to use it, and where to report suspected violations, they can do a great deal to reduce the risk to loose information. Important to remember is that the education is an ongoing process, new users need training and trained users need reminding, especially when new technologies or processes are introduced. Thus, Threat Tree Analysis is useful for continuing towards developing an information security policy according to SS 62 77 99-1 standard. / För att kunna skydda en organisations resurser är det viktigt att förstå vad organisationen behöver skydda och vad den ska skydda det ifrån. Det första steget är att analysera hot mot organisationens resurser för att uppskatta riskerna. Hot måste identifieras för att organisationen ska kunna skydda sina resurser och hitta den optimala placeringen av åtgärder mot hot. Denna uppsatsen undersöker om det är möjligt att skapa en hotträdsanalys som är användbar för skapandet av en informationssäkerhetspolicy för Ronneby kommun, genom att använda standarden SS 62 77 99-1. Vi betonar i uppsatsen att ett samarbete mellan existerande tekniska lösningar och administrativ säkerhet är nödvändigt för att uppnå informationssäkerhet. Visst kan var och en av dessa hjälpa till att förbättra säkerheten, men ingen av dem är ensam den kompletta lösningen. Säkerhet är inte en produkt - det är en process. Hotträd formar grunden för en förståelse av den processen. I denna uppsats har vi använt en kvalitativ metod. Analysmetoden är en fallstudie på Socialförvaltningen i Ronneby kommun. Genom intervjuer har vi fått fram att organisationen inte har etablerat en informationssäkerhetspolicy, vilken ska ge riktlinjer för hur säkerhetsarbetet ska fullföljas inom organisationen. Organisationen använder varken en modell för att identifiera hot mot information eller en metod för att strukturera hoten. Genom strukturen av möjliga hot, genererar personalen en förståelse för organisationen och tar aktivt del i att identifiera hot mot Socialförvaltningen. Detta medför att alla användare förstår hur viktigt det är med säkerhet, vart de ska rapportera misstänkta händelser och de kan göra mycket för att minska risken att förlora information. Det är viktigt att komma ihåg att utbildning är en pågående process, nya användare behöver utbildning och utbildade användare behöver vidareutbildning, speciellt när nya tekniker eller processer introduceras. Därför är hotträdsanalysen en användbar modell för arbetet mot att skapa en informationssäkerhetspolicy enligt standarden SS 62 77 99-1. / Sandra Olandersson Blåbärsvägen 27 372 38 RONNEBY 0457 / 12084 Jeanette Fredsson Villa Viola 372 36 RONNEBY 0457 / 26616
Information security
Administrative security
Information technology security
Resources
Vulnerability
Security awareness
Risk assessments
Threats
Threat tree analysis
Information security policy
Computer Sciences
Datavetenskap (datalogi)
17

An investigation of information security policies and practices in Mauritius

Sookdawoor, Oumeshsingh 30 November 2005 (has links)
With the advent of globalisation and ever changing technologies, the need for increased attention to information security is becoming more and more vital. Organisations are facing all sorts of risks and threats these days. It therefore becomes important for all business stakeholders to take the appropriate proactive measures in securing their assets for business survival and growth. Information is today regarded as one of the most valuable assets of an organisation. Without a proper information security framework, policies, procedures and practices, the existence of an organisation is threatened in this world of fierce competition. Information security policies stand as one of the key enablers to safeguarding an organisation from risks and threats. However, writing a set of information security policies and procedures is not enough. If one really aims to have an effective security framework in place, there is a need to develop and implement information security policies that adhere to established standards such as BS 7799 and the like. Furthermore, one should ensure that all stakeholders comply with established standards, policies and best practices systematically to reap full benefits of security measures. These challenges are not only being faced in the international arena but also in countries like Mauritius. International researches have shown that information security policy is still a problematic area when it comes to its implementation and compliance. Findings have shown that several major developed countries are still facing difficulties in this area. There was a general perception that conditions in Mauritius were similar. With the local government's objective to turn Mauritius into a "cyber-island" that could act as an Information Communication & Technology (ICT) hub for the region, there was a need to ensure the adoption and application of best practices specially in areas of information security. This dissertation therefore aims at conducting a research project in Mauritius and assessing whether large Mauritian private companies, that are heavily dependent on IT, have proper and reliable security policies in place which comply with international norms and standards such as British Standard Organisation (BSO) 7799/ ISO 17799/ ISO 27001. The study will help assess the state of, and risks associated with, present implementation of information security policies and practices in the local context. Similarities and differences between the local security practices and international ones have also been measured and compared to identify any specific characteristics in local information security practices. The findings of the study will help to enlighten the security community, local management and stakeholders, on the realities facing corporations in the area of information security policies and practices in Mauritius. Appropriate recommendations have been formulated in light of the findings to improve the present state of information security issues while contributing to the development of the security community / Computing / M.Sc. (Information Systems)
Adherence to established standards
Information security framework
Information security policy
Information security practices
Security standards
Compliance
Information security risk
Procedures
005.8096982
Information policy -- Mauritius
18

An investigation of information security policies and practices in Mauritius

Sookdawoor, Oumeshsingh 30 November 2005 (has links)
With the advent of globalisation and ever changing technologies, the need for increased attention to information security is becoming more and more vital. Organisations are facing all sorts of risks and threats these days. It therefore becomes important for all business stakeholders to take the appropriate proactive measures in securing their assets for business survival and growth. Information is today regarded as one of the most valuable assets of an organisation. Without a proper information security framework, policies, procedures and practices, the existence of an organisation is threatened in this world of fierce competition. Information security policies stand as one of the key enablers to safeguarding an organisation from risks and threats. However, writing a set of information security policies and procedures is not enough. If one really aims to have an effective security framework in place, there is a need to develop and implement information security policies that adhere to established standards such as BS 7799 and the like. Furthermore, one should ensure that all stakeholders comply with established standards, policies and best practices systematically to reap full benefits of security measures. These challenges are not only being faced in the international arena but also in countries like Mauritius. International researches have shown that information security policy is still a problematic area when it comes to its implementation and compliance. Findings have shown that several major developed countries are still facing difficulties in this area. There was a general perception that conditions in Mauritius were similar. With the local government's objective to turn Mauritius into a "cyber-island" that could act as an Information Communication & Technology (ICT) hub for the region, there was a need to ensure the adoption and application of best practices specially in areas of information security. This dissertation therefore aims at conducting a research project in Mauritius and assessing whether large Mauritian private companies, that are heavily dependent on IT, have proper and reliable security policies in place which comply with international norms and standards such as British Standard Organisation (BSO) 7799/ ISO 17799/ ISO 27001. The study will help assess the state of, and risks associated with, present implementation of information security policies and practices in the local context. Similarities and differences between the local security practices and international ones have also been measured and compared to identify any specific characteristics in local information security practices. The findings of the study will help to enlighten the security community, local management and stakeholders, on the realities facing corporations in the area of information security policies and practices in Mauritius. Appropriate recommendations have been formulated in light of the findings to improve the present state of information security issues while contributing to the development of the security community / Computing / M.Sc. (Information Systems)
Adherence to established standards
Information security framework
Information security policy
Information security practices
Security standards
Compliance
Information security risk
Procedures
005.8096982
Information policy -- Mauritius
19

A dimensão humana no processo de gestão da segurança da informação: um estudo aplicado à Pró-Reitoria de Gestão de Pessoas da Universidade Federal da Paraíba

Araujo, Sueny Gomes Leda 21 March 2016 (has links)
Submitted by Viviane Lima da Cunha (viviane@biblioteca.ufpb.br) on 2017-04-26T12:11:40Z No. of bitstreams: 1 arquivototal.pdf: 4891600 bytes, checksum: e47187dc1816954c4d1cf20a19490124 (MD5) / Made available in DSpace on 2017-04-26T12:11:40Z (GMT). No. of bitstreams: 1 arquivototal.pdf: 4891600 bytes, checksum: e47187dc1816954c4d1cf20a19490124 (MD5) Previous issue date: 2016-03-21 / The information is presented as an important asset for institutions and needs to be protected adequately against undue destruction, temporary unavailability, adulteration or unauthorized disclosure. Various forms of physical, virtual and human threats jeopardize the security of information. Although the technology is responsible for providing part of the solution to these problems, many of the vulnerabilities of information systems can be attributed to man's actions. In this sense, it is salutary to study the human dimension in these processes. Concerned about the security of information in Federal Public Institutions the government published a series of laws, decrees, rules and reports that guides the implementation of information security management actions in public institutions. Thus, this study aimed to analyze the human dimension in the information security management process in the Dean of Personnel Management (Progep) of the Federal University of Paraíba (UFPB) from the perspective of the rules of the federal government. This research is characterized as descriptive research with qualitative and quantitative approach and case study as the method of investigation. Therefore, the documentary research was used, participant observation and interview as data collection techniques. From the triangulation of the three collection methods for data analysis was applied to content analysis. The sample was made up of nine directors who compose the Dean of Personnel Management. The results allowed identifying the need of UFPB on elaborate a policy of information classification, since its absence turns impossible the management of information security. As for information security awareness, it was noted the absence of actions that could contribute in the awareness of the public employee process, such as information security mentioned at the time of entry / ownership of public employees and collaborators; preparation of the responsibility and confidentiality term; formal disciplinary proceedings for breach of information security; and actions as informative manuals, campaigns, lectures and meetings. In the use of information security controls, there were initiatives of implementation of certain controls, however, the procedures were eventually made in error, without compliance of the regulatory guidelines. Based on the above, the results of this research can help minimize the impact of threats to information security in Progep /UFPB and, as well, contribute to the creation of a safety culture in federal institutions. / A informação apresenta-se como um importante ativo para as instituições, necessitando ser protegida de forma adequada contra destruição indevida, indisponibilidade temporária, adulteração ou divulgação não autorizada. Várias formas de ameaças físicas, virtuais e humanas, comprometem a segurança das informações. Apesar de a tecnologia ser responsável por fornecer parte da solução para esses problemas, muitas das vulnerabilidades dos sistemas de informação podem ser atribuídas às ações do homem. Nesse sentido, torna-se salutar estudar a dimensão humana nesses processos. Preocupado com a segurança da informação nas Instituições Públicas Federais, o governo publicou uma série de leis, decretos, normas e relatórios que orientam a implementação de ações de gestão de segurança da informação nas instituições públicas. Assim, o presente estudo teve por objetivo analisar a dimensão humana no processo de gestão de segurança da informação na Pró-Reitoria de Gestão de Pessoas (Progep) da Universidade Federal da Paraíba (UFPB) sob a ótica das normas do governo federal. Esta pesquisa caracteriza-se como pesquisa descritiva, com abordagem quali-quantitativa e, quanto ao método de investigação, estudo de caso. Para tanto, foi utilizada a pesquisa documental, observação participante e entrevista, como instrumentos de coleta de dados. A partir da triangulação dos três instrumentos de coleta, para a análise dos dados, foi aplicada a análise de conteúdo. A amostra desta pesquisa foi constituída pelos nove diretores que compõem a Pró-Reitoria de Gestão de Pessoas. Os resultados possibilitaram identificar a necessidade da UFPB em elaborar uma política de classificação da informação, uma vez que sua inexistência impossibilita a gestão da segurança da informação. Quanto à conscientização em segurança da informação, observou-se a inexistência de ações que poderiam contribuir no processo de conscientização dos servidores, como: menção à segurança da informação no momento de ingresso/posse de colaboradores e servidores; elaboração do termo de responsabilidade e confidencialidade; processo disciplinar formal para a violação da segurança da informação; e ações como manuais informativos, campanhas, palestras e reuniões. Na utilização dos controles de segurança da informação, observaram-se iniciativas de implantação de determinados controles, entretanto, os procedimentos acabaram sendo realizados de forma equivocada, sem a observância das orientações normativas. Com base no exposto, os resultados desta pesquisa podem auxiliar a minimizar a incidência de ameaças à segurança da informação na Progep/UFPB, bem como contribuir com a criação de uma cultura de segurança em instituições federais.
Segurança da Informação
Política de Segurança da Informação
Normas de Segurança da Informação
Information Security
Information Security Policy
Standards of Information Security
20

Informationssäkerhet vs. Affärsmål : Ett arbete om hur svenska startups hanterar sin informationssäkerhet

Ring Eggers, Gustav Emil, Olsson, Petter January 2017 (has links)
Att bedriva startups i ett informationsbaserat samhälle medför idag flera utmaningar. För att nå framgång måste företagets resurser användas på rätt sätt. I en tid där informationssäkerhet spelar en allt större roll ska det här till en avvägning mellan att uppnå en bra säkerhetsnivå, samtidigt som de affärsmässiga aspekterna måste prioriteras. I arbetet undersöks hur svenska startups hanterar sin informationssäkerhet. Arbetet syftar även till att undersöka hur utbredd medvetenheten är inom sex svenska startups gällande informationssäkerhet samt hur mycket det prioriteras. Arbetet resultat visar att medvetenheten kring informationssäkerheten är hög men att det fortfarande är brister när det gäller att omsätta denna medvetenhet till praktisk handling och att det är de affärsorienterade målen som prioriteras högst inom en svensk startup. / To run a startup in an information based society can cause a lot of challenges. To reach success, the company’s resources must be used in a proper way. In a time where information security has a big role, there must be a balance between keeping a high level of security meanwhile the business orientated expectations must be prioritized. This thesis will examine how a startup manages its information security. It does also focus on the awareness of information security within six swedish startups considering information security and also it’s priority. The results of the study shows that awareness of information security is high, but there are still shortcomings in putting this awareness into practice. The study also shows that the business-orientated goals are the highest priority within a swedish startup.
Startups
information security
information security policy
standards
ISO
cloud services
PuL
GDPR
Startups
informationssäkerhet
styrdokument
informationssäkerhetspolicy
standarder
ISO
molntjänster
PuL
GDPR
Information Systems, Social aspects

Page generated in 1.9039 seconds