Modelo de governan??a de seguran??a da informa????o para a Administra????o P??blica Federal

Guimar??es, Rog??rio

29 June 2016

Submitted by Kelson Anthony de Menezes (kelson@ucb.br) on 2016-12-20T12:12:48Z No. of bitstreams: 1 RogerioGuimaraesDissertacao2016.pdf: 1465947 bytes, checksum: 6a9c619aff10ec7966c0a156dcc76b78 (MD5) / Made available in DSpace on 2016-12-20T12:12:48Z (GMT). No. of bitstreams: 1 RogerioGuimaraesDissertacao2016.pdf: 1465947 bytes, checksum: 6a9c619aff10ec7966c0a156dcc76b78 (MD5) Previous issue date: 2016-06-29 / The governance of information security and communication is a set of policies and processes which allows the institutions, public and private, to monitor, evaluate and direct its information assets management, therefore reducing risks against its integrity, confidentiality and availability, aligned with the business necessities, and increasing value, accomplishing benefits, mitigating risks and optimizing costs. This study aims to propose a framework of information security and communication governance for the Federal Government, adhering to Brazilian legal standards and compatible with the Information Security and Communication Strategy and Cybersecurity of the Public Federal Government 2015 ??? 2018, version 1.0. The literature review unveiled the lack of studies about information security and communication governance directed to the Federal Government. From the content analysis, considering specific criteria, and the DSIC ??? Information Security and Communication presidential department ??? norms, as well as the standard NBR ISO/IEC 27002:2013, and the NIST ??? National Institute of Standards and Technology ??? model, the proposed framework was submitted to the analysis of information security specialists of the Government (focus group). The aims of this study were achieved. However, it is expected, moreover, that the present study is able to promote and encourage new studies on the subject. / A governan??a de seguran??a da informa????o e comunica????o ?? um conjunto de pol??ticas e processos que permite que as institui????es, p??blicas ou privadas, monitorem, avaliem e direcionem a gest??o de seus ativos de informa????o, reduzindo os riscos ?? sua integridade, confidencialidade e disponibilidade, de forma alinhada com as necessidades de neg??cios, criando valor, realizando benef??cios, mitigando riscos e otimizando custos. Esta pesquisa tem por objetivo apresentar uma proposta de modelo de Governan??a de Seguran??a da Informa????o e Comunica????o (SIC) para a Administra????o P??blica Federal (APF), aderente ??s normas brasileiras e compat??vel com a Estrat??gia de Seguran??a da Informa????o e Comunica????es e de Seguran??a Cibern??tica da Administra????o P??blica Federal 2015 ??? 2018, vers??o 1.0. A revis??o de literatura revelou a car??ncia de estudos sobre governan??a de seguran??a da informa????o e comunica????o direcionados ?? Administra????o P??blica. Partindo da an??lise de conte??do, ?? luz de crit??rios espec??ficos, das normas emanadas do DSIC - Departamento de Seguran??a da Informa????o e Comunica????es da Presid??ncia da Rep??blica sobre o tema, da norma ABNT NBR ISO/IEC 27002:2013 e do modelo do NIST - National Institute of Standards and Technology, foi concebida uma proposta de modelo e submetida ?? avalia????o de especialistas (grupo focal) em SIC da APF. Os objetivos desta pesquisa foram atingidos e espera-se que esta sirva para promover e incentivar novos trabalhos sobre o tema.

Administra????o P??blica Federal

Proposta de Modelo de Governan??a

Gest??o do Conhecimento

Tecnologia da Informa????o