| Name: | Description: | Size: | Format: | |
|---|---|---|---|---|
| 3.37 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
A evolução tecnológica e a constante adequação do “negócio” dos organismos públicos às Tecnologias de Informação e Comunicação trazem desafios ambiciosos. O facto de os seus processos serem, cada vez mais, suportados nas redes e nos Sistemas de Informação, abre portas a riscos que podem comprometer ativos críticos. As necessidades de interoperabilidade entre sistemas de organismos públicos, ou entre estes e sistemas de entidades externas, são também crescentes. Por outro lado, o descontentamento social generalizado tem promovido o aumento dos ataques especificamente dirigidos às entidades públicas. Todos estes fatores reforçam assim a pertinência da reflexão sobre a temática da segurança na Administração Pública. É por isso essencial existir no Estado, de forma normalizada, mecanismos de prevenção e deteção de ameaças, capazes de conter eficazmente o risco, sem que para isso se tenha que afetar consideravelmente os orçamentos dos ministérios.
Após uma contextualização sobre os conceitos envolvidos, a dissertação apresentará um levantamento de ameaças atuais inerentes às redes de dados, exemplificando-as com eventos recentes. Serão reconhecidas vulnerabilidades genéricas existentes nas redes dos organismos e será resumido algum do trabalho já efetuado neste âmbito. Serão caracterizados controlos técnicos preventivos e detetivos considerados essenciais, justificando-se a sua importância e exemplificando-se a sua existência com produtos open-source. Será proposto um modelo de segurança, recomendando-se o posicionamento estratégico desses controlos em diferentes zonas de rede, consoante um conjunto de critérios. Serão apresentadas conclusões e identificadas vantagens da implementação do modelo, sugerindo-se ainda a continuidade destas melhorias em trabalhos futuros.
The technological evolution and the constant adaptation of the public organization’s “business” to the Communication and Information Technologies brings ambitious challenges. The fact that its processes increasingly supported in the data networks and the Information Systems, brings forth threats that may compromise critical assets. The interoperability needs between systems of public organizations, or between these and systems of external entities, are also increasingly larger. On the other hand, the generalized social dissatisfaction has been promoting the increase of attacks aimed specifically to the networks and systems of public entities. These events then buttress the relevance of the reflection on the theme of the Public Administration network security. It is therefore essential the existence in the State, in a normalized way, mechanisms of threat prevention and detection, able of efficiently containing the menace without considerately affecting the Ministry’s budgets. After a contextualization about the concepts discussed, the dissertation will present a mapping of some of the main current threats inherent to the data network, exemplifying them with recent events. There will also be identified, generically, existing vulnerabilities in the public organizations’ networks and it is abridged some of the already developed work in this ambit. It will characterize the preventive and detective technical controls deemed essential exemplifying its existence resorting to open-source products. It will be proposed a security model, being recommended the strategic positioning of those controls on different network areas, according to an array of criterions. Conclusions will also be presented and potential inherent advantages to the implementation of the model will be identified, existing also a suggestion of continuity of these improvements in future works
The technological evolution and the constant adaptation of the public organization’s “business” to the Communication and Information Technologies brings ambitious challenges. The fact that its processes increasingly supported in the data networks and the Information Systems, brings forth threats that may compromise critical assets. The interoperability needs between systems of public organizations, or between these and systems of external entities, are also increasingly larger. On the other hand, the generalized social dissatisfaction has been promoting the increase of attacks aimed specifically to the networks and systems of public entities. These events then buttress the relevance of the reflection on the theme of the Public Administration network security. It is therefore essential the existence in the State, in a normalized way, mechanisms of threat prevention and detection, able of efficiently containing the menace without considerately affecting the Ministry’s budgets. After a contextualization about the concepts discussed, the dissertation will present a mapping of some of the main current threats inherent to the data network, exemplifying them with recent events. There will also be identified, generically, existing vulnerabilities in the public organizations’ networks and it is abridged some of the already developed work in this ambit. It will characterize the preventive and detective technical controls deemed essential exemplifying its existence resorting to open-source products. It will be proposed a security model, being recommended the strategic positioning of those controls on different network areas, according to an array of criterions. Conclusions will also be presented and potential inherent advantages to the implementation of the model will be identified, existing also a suggestion of continuity of these improvements in future works
Description
Keywords
Administração pública Redes de dados Sistemas de informação Tecnologias de Informação e Comunicação Segurança Controlos técnicos Public administration Data networks Information systems Information and Communication Technologies Security Technical controls