Information security frameworks assisting GDPR compliance in bank industry

Bibliographic details
Main author: Serrado, João Filipe Virtuoso
Publication date: 2019
Document type: Dissertation
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/10071/20193
Abstract: In recent years, with the increased use of Information Technology (IT) by the population, we have seen an increase in the collection and processing of data by organizations for various purposes, such as the necessary provision of services or marketing campaigns. As a result of this increase in data, there have been several attempts to steal the data in order to sell it or to request ransoms from organizations. This situation has shown that organizations do not all have the same degree of maturity regarding data protection and security; a further determining factor is that the existing legislation is not the most adequate for today's level of IT use. To address these issues, the European Union (EU) decided to create the General Data Protection Regulation (GDPR), which entered into force on May 25, 2018, applicable to all organizations dealing with personal data of citizens residing in the European Union. Consequently, organizations are combining all their efforts to implement this new regulation, so that fines for non-compliance are not applied. Based on the above and on a set of best practices and existing information security frameworks currently on the market, this thesis aims to explore how current IS frameworks can help banks comply with GDPR by mapping the requirements of the regulation to the practices of the frameworks. In a second phase, interviews will be conducted with professionals in the field, in a specific sector where there is more sensitivity to these topics: the banking industry.
Keywords: GDPR; Data protection; Information security; Framework; Regulation; Community legislation; Banking sector
publishDate 2019
dc.date.none.fl_str_mv 2019-11-29T00:00:00Z
2019-11-29
2019-10
2020-03-24T17:08:55Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10071/20193
TID:202462072
url http://hdl.handle.net/10071/20193
identifier_str_mv TID:202462072
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP