Scenarios for the implementation of information security policies in federal public universities

Authors

DOI:

https://doi.org/10.18225/ci.inf.v51i3.5558

Keywords:

Information security management, Information Security Policies, Strategic information, Prospective scenarios

Abstract

Information security policies are important rules for the efficient management of information in Federal Public Universities. In view of this context, this research aimed to prospect scenarios about the implementation of information security policies in federal public universities in the period between 2018 and 2022. Given the various methods of prospecting scenarios, for this research was chosen the method recommended by Michel Godet because of its structured method elaborated for exploratory scenarios and because of its set of software tools to assist the scenarios prospection. The research sought to apply two phases of the method: the first, structural analysis, that aimed at obtaining, complementarily, a complete representation of the system under study, as well as reducing the systemic complexity in key variables, through the MICMAC tool; the second phase, strategic analysis of actors, performed on the "engine" actors, the ones who command the key variables identified in the structural analysis. This phase was carried out with the support of the MACTOR tool. For the application of the proposed process, the following tools were used: brainstorming, expert consultation, bibliographic research and meetings. With the result of the structural analysis and the analysis of the strategies of the actors, three possible scenarios were designed on information security policies in federal public universities, showing trends or ruptures. In this way, conducting a survey on the implementation of these policies can assist administrations in building information security management processes based on governance models, aligned with trends without forgetting disruptions.

Downloads

Download data is not yet available.

Author Biographies

  • Wagner Junqueira de Araújo, University Federal of Paraíba - UFPB

    PHD in Information Science from the University of Brasília - UNB; Master in Information Science - UNB and Bachelor in Computer Science by University of Oeste Paulista. Professor of the Post Graduate Program in Information Science - PPGCI / UFPB. Professor of the Postgraduate Program in Management in Learning Organizations - PPGOA / UFPB. Associate Professor of the Department of Information Science, University Federal of Paraíba - UFPB.

  • Sueny Gomes Léda Araújo, Universidade Federal da Paraíba - UFPB

    PhD student in Information Science. Master's Degree in Information Science from the Graduate Program in Information Science of the Federal University of Paraíba-UFPB (2016). Degree in Social Communication - Public Relations from the Federal University of Paraíba (2002). Specialist in Information Unit Management by the UFPB.

  • Rafaela Romaniuc Batista, Universidade Federal da Paraíba - UFPB

    PhD student in Information Science - PPGCI/UFPB. Master in Information Science - PPGCI/UFPB. Graduated in Computer Science at the Federal University of Campina Grande (2006) and specialization in systems engineering at Escola Superior Aberta do Brasil (2010) . Tutor UAB/UFPB in Computer Science at Universidade Federal da Paraíba.

References

Associação Brasileira de Normas Técnicas. 2013. NBR ISO/IEC 27002: tecnologia da informação: técnicas de segurança: código de prática para a gestão da segurança da informação. Rio de Janeiro.

Barman, Scott. 2002. Writing information security polices. Indianapolis: New Riders.

BRASIL. Presidência da República. Gabinete de Segurança Institucional. Portaria nº 93, de 26 de setembro de 2019. Aprova o Glossário de Segurança da Informação. Diário Oficial da União, Brasília, DF, 01 out. 2019. Disponível em: <https://www.in.gov.br/en/web/dou/-/portaria-n-93-de-26-de-setembro-de-2019-219115663>. Acesso em: 30 dez. 2020.

BRASIL. Presidência da República. Gabinete de Segurança Institucional. Instrução Normativa no1, de 27 de maio de 2020. Dispõe sobre a Estrutura de Gestão da Segurança da Informação nos órgãos e nas entidades da administração pública federal. Diário Oficial da União, Brasília, DF, 28 mai. 2020. Disponível em: < https://www.in.gov.br/en/web/dou/-/instrucao-normativa-n-1-de-27-de-maio-de-2020-258915215>. Acesso em: 30 dez. 2020.


Fontes, Edison. 2012. Políticas e normas para a segurança da informação: como desenvolver, implementar e manter regulamentos para a proteção da informação nas organizações. Rio de Janeiro: Brasport.

Chiavenato, Idalberto. 2012. Administração Geral e Pública: Provas e Concursos, 3 ed. Rio de Janiero: Manole.

Godet, Michel, Phillippe Durance. 2011. A prospectiva estratégica. Paris: DUNOD-
Unesco - Fondation Prospective et Innovation.
Godet, Michel. 1993. Manual de prospectiva estratégica: da antecipação a acção. Lisboa: Publicações Dom Quichote.

Godet, Michel. 1994. From anticipation to action: a handbook of strategic prospective. Paris: Unesco.

Downloads

Published

31/12/2022

Issue

Vol. 51 No. 3 (2022)

Section

Articles

License

Copyright (c) 2022 Wagner Junqueira de Araújo, Sueny Gomes Léda Araújo, Rafaela Romaniuc Batista

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

  • This publication reserves the right to modify the original, regarding norms, spelling and grammar, in order to maintain the standards of the language, still respecting author writing style;
  • The final proofs will not be sent to the authors;
  • Published works become Ciência da Informação's property, their second partial or full print being subject to expressed authorization by IBICT's Director;
  • The original source of publicaton must be provided at all times;
  • The authors are solely responsible fo the views expressed within the article;
  • Each author will receive two hard copies of the issue, if made availalbe in print.