Submitted by Automa??o e Estat?stica (sst@bczm.ufrn.br) on 2016-03-02T22:47:05Z
No. of bitstreams: 1
LarissaMayaraDaSilvaDamasceno_DISSERT.pdf: 2741470 bytes, checksum: fef6c2c3b4ab750a76247b0e3be5f8f4 (MD5) / Approved for entry into archive by Arlan Eloi Leite Silva (eloihistoriador@yahoo.com.br) on 2016-03-03T23:16:09Z (GMT) No. of bitstreams: 1
LarissaMayaraDaSilvaDamasceno_DISSERT.pdf: 2741470 bytes, checksum: fef6c2c3b4ab750a76247b0e3be5f8f4 (MD5) / Made available in DSpace on 2016-03-03T23:16:09Z (GMT). No. of bitstreams: 1
LarissaMayaraDaSilvaDamasceno_DISSERT.pdf: 2741470 bytes, checksum: fef6c2c3b4ab750a76247b0e3be5f8f4 (MD5)
Previous issue date: 2014-12-08 / Conselho Nacional de Desenvolvimento Cient?fico e Tecnol?gico - CNPq / A informa??o constitui um dos mais valiosos ativos estrat?gicos para a organiza??o. Por?m, o
ambiente organizacional em que ela est? inserida ? bastante complexo e heterog?neo, fazendo
surgir quest?es pertinentes ? Governan?a da tecnologia de informa??o (TI) e ? Seguran?a da
Informa??o. Estudos acad?micos e pesquisas de mercado apontam que a origem da maior parte
dos acidentes com os ativos de informa??o est? no comportamento pessoas da pr?pria
organiza??o ao inv?s de ataques externos. Tendo como base a promo??o da cultura de seguran?a
entre os usu?rios e a garantia da prote??o da informa??o em suas propriedades de
confidencialidade, integridade e disponibilidade, as organiza??es devem estabelecer sua
Pol?tica de Seguran?a da Informa??o (PSI). Essa pol?tica consiste em formalizar as diretrizes
em rela??o ? seguran?a dos recursos de informa??es corporativas, a fim de evitar que as
vulnerabilidades dos ativos sejam exploradas por amea?as e possam trazer consequ?ncias
negativas para os neg?cios. Mas, para a PSI ser eficaz, ? necess?rio que o usu?rio tenha
prontid?o para aceitar e seguir os procedimentos e normas de seguran?a. ? luz desse contexto,
o presente estudo tem como objetivo investigar quais s?o os motivadores extr?nsecos e
intr?nsecos que afetam a predisposi??o do usu?rio em estar em conformidade com as pol?ticas
de seguran?a da organiza??o. O referencial te?rico aborda tem?ticas referentes ? Governan?a
de TI, Seguran?a da Informa??o, Teoria da Dissuas?o, Motiva??o e Comportamento Pr?-social.
Foi criado um modelo te?rico a partir dos estudos de Herath e Rao (2009) e D?Arcy, Hovav e
Galletta (2009) que se baseiam na Teoria Geral da Dissuas?o e prop?em os seguintes fatores
influenciadores no cumprimento das Pol?tica: Severidade da Puni??o, Certeza de Detec??o,
Comportamento dos Pares, Cren?as Normativas, Efic?cia Percebida e Comprometimento
Moral. A pesquisa utilizou uma abordagem quantitativa, de car?ter descritivo. Os dados foram
coletados atrav?s da aplica??o de question?rios com 18 vari?veis com uma escala Likert de
cinco pontos que representavam os fatores influenciadores propostos pela teoria. A amostra foi
composta por 391 alunos ingressantes dos cursos do Centro de Ci?ncias Sociais Aplicadas da
Universidade Federal do Rio Grande do Norte. Para a an?lise dos dados, foram adotadas as
t?cnicas de An?lise Fatorial Explorat?ria, An?lise de Cluster hier?rquico e n?o hier?rquico,
Regress?o Log?stica e Regress?o Linear M?ltipla. Como principais resultados, destaca-se que
o fator severidade da puni??o ? o que mais contribui para o modelo te?rico e tamb?m influi na
divis?o da amostra entre usu?rios mais predispostos e menos predispostos. Como implica??o
pr?tica, o modelo de pesquisa aplicado permite que as organiza??es possam prever os usu?rios
menos predispostos e, com eles, realizar a??es de conscientiza??o e treinamento direcionadas e
redigir Pol?ticas de Seguran?a mais eficazes. / The information constitutes one of the most valuable strategic assets for the organization.
However, the organizational environment in which it is inserted is very complex and
heterogeneous, making emerging issues relevant to the Governance of information technology
(IT) and Information Security. Academic Studies and market surveys indicate that the origin of
most accidents with the information assets is the behavior of people organization itself rather
than external attacks. Taking as a basis the promotion of a culture of safety among users and
ensuring the protection of information in their properties of confidentiality, integrity and
availability, organizations must establish its Information Security Policy (PSI). This policy is
to formalise the guidelines in relation to the security of corporate information resources, in
order to avoid that the asset vulnerabilities are exploited by threats and can bring negative
consequences to the business. But, for the PSI being effective, it is required that the user have
readiness to accept and follow the procedures and safety standards. In the light of this context,
the present study aims to investigate what are the motivators extrinsic and intrinsic that affect
the willingness of the user to be in accordance with the organization's security policies. The
theoretical framework addresses issues related to IT Governance, Information Security, Theory
of deterrence, Motivation and Behavior Pro-social. It was created a theoretical model based on
the studies of Herath and Rao (2009) and D'Arcy, Hovav and Galletta (2009) that are based on
General Deterrence Theory and propose the following influencing factors in compliance with
the Policy: Severity of Punishment, Certainty of Detection, Peer Behaviour, Normative Beliefs,
Perceived Effectiveness and Moral Commitment. The research used a quantitative approach,
descriptive. The data were collected through a questionnaire with 18 variables with a Likert
scale of five points representing the influencing factors proposed by the theory. The sample was
composed of 391 students entering the courses from the Center for Applied Social Sciences of
the Universidade Federal do Rio Grande do Norte. For the data analysis, were adopted the
techniques of Exploratory Factor Analysis, Analysis of Cluster hierarchical and nonhierarchical,
Logistic Regression and Multiple Linear Regression. As main results, it is
noteworthy that the factor severity of punishment is what contributes the most to the theoretical
model and also influences the division of the sample between users more predisposed and less
prone. As practical implication, the research model applied allows organizations to provide
users less prone and, with them, to carry out actions of awareness and training directed and
write Security Policies more effective.
Identifer | oai:union.ndltd.org:IBICT/oai:repositorio.ufrn.br:123456789/19930 |
Date | 08 December 2014 |
Creators | Damasceno, Larissa Mayara da Silva |
Contributors | 24140392304, http://lattes.cnpq.br/1151025937054810, Santos, Ernani Marques dos, 22013377568, http://lattes.cnpq.br/5388965130432483, Sousa Neto, Manoel Veras de, 36566721487, http://lattes.cnpq.br/9316091869858841, Ramos, Anat?lia Saraiva Martins |
Publisher | Universidade Federal do Rio Grande do Norte, PROGRAMA DE P?S-GRADUA??O EM ADMINISTRA??O, UFRN, Brasil |
Source Sets | IBICT Brazilian ETDs |
Language | Portuguese |
Detected Language | English |
Type | info:eu-repo/semantics/publishedVersion, info:eu-repo/semantics/masterThesis |
Source | reponame:Repositório Institucional da UFRN, instname:Universidade Federal do Rio Grande do Norte, instacron:UFRN |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0026 seconds