EVALUATION OF INFORMATION SECURITY PROCESSES INTEGRATING THE CONTROLLERSHIP AND IT AREAS

Bibliographic details
Main author: Schneider, Luiz Carlos
Publication date: 2014
Other authors: Vanti, Adolfo Alberto, Cobo, Angel, Thomaz, João Luis Peruchena
Document type: Article
Language: por
Source title: Revista Universo Contábil
Full text: https://ojsrevista.furb.br/ojs/index.php/universocontabil/article/view/4139
Abstract: The Controllership is responsible for information that supports the decision-making process in organizations and, because of that, it needs to participate in the information security processes. Therefore, this study evaluated, in an applied manner, information security processes by integrating the areas of Controllership and IT. Methodologically, the work was characterized as descriptive research in a quali-quanti process, considering the perception of respondents on 30 questions related to the proposed problem. A supplementary questionnaire based on the ISO/IEC 27002 standard was applied, inferring a causal explanation of the integration of areas as well as the definition of categories of different professionals when they deal with information security. An applied case study was developed with data collection instruments related to questionnaires and interviews, identifying in the content analysis the critical business processes and the risks associated with the information environment. Thus, it was possible to improve the operational processes of these two areas, reducing operational risks through joint actions: participation of users, creation of teams, greater standardization, communication alignment, greater control over system changes, improvement of information security policies and standards, use of a business intelligence tool, training, information integration and focus on core processes. In this way, the objective of evaluating information security processes by integrating the areas of Controllership and IT was met.
Subjects: Controllership; Information Technology; Information Security; Information Management
Date: 2014-12-30
Version: publishedVersion
PDF: https://ojsrevista.furb.br/ojs/index.php/universocontabil/article/view/4139/2847
Rights: openAccess
Format: application/pdf
Publisher: Universidade Regional de Blumenau
Source: Revista Universo Contábil; v. 10 n. 4 (2014); 68-85; 1809-3337