Advisor(s)
Abstract(s)
Este trabalho pretende demonstrar que as políticas de gestão de uma organização podem ter
influência directa na segurança de informação, não bastando apenas o recurso à tecnologia
para a sua eficaz protecção.
Neste sentido a Gestão do Conhecimento pode contribuir positivamente, tendo em conta o
desenvolvimento e a autonomia dos indivíduos que integram e constituem a organização,
estimulando a partilha da informação, a partilha do conhecimento e a aprendizagem. A
cultura organizacional tem um papel determinante na partilha do conhecimento e na definição de poderes.
É neste contexto que a Gestão de Incidentes pode contribuir com a detecção, registo e
investigação de incidentes que podem auxiliar à mitigação de riscos, contribuindo para a
inexistência de falhas parciais ou mesmo totais.
As políticas de gestão como incentivos ou recriminações às notificações de incidentes, assim
como a atribuição de recursos apropriados às investigações destes, podem ter resultados
surpreendentes e promissores espelhados neste trabalho, através do estudo de variáveis
comportamentais de gestão num modelo de simulação dinâmica.
The purpose of this paper is to demonstrate that the policies of management in an organization can have a direct influence in the security of information, and that the technology by itself is not enough to provide an efficient means of protection. In this sense, Knowledge Management can give a positive contribution, considering the evolution and the autonomy of the individuals that constitute the organization, stimulating the sharing of information, the sharing of knowledge and learning. The organizational culture has a decisive role in sharing the knowledge and defining powers. It is in this context that Incident Management can contribute by detecting, registering and investigating incidents that might help minimizing risks and having a minimum of partial faults, or even total faults. Management policies as incentives or recriminations of incidents notifications, along with the appropriate attribution of adequate resources when investigating them, can have surprising and promising results, as we show in this paper through the study of management behavioral variables in a model of dynamic simulation.
The purpose of this paper is to demonstrate that the policies of management in an organization can have a direct influence in the security of information, and that the technology by itself is not enough to provide an efficient means of protection. In this sense, Knowledge Management can give a positive contribution, considering the evolution and the autonomy of the individuals that constitute the organization, stimulating the sharing of information, the sharing of knowledge and learning. The organizational culture has a decisive role in sharing the knowledge and defining powers. It is in this context that Incident Management can contribute by detecting, registering and investigating incidents that might help minimizing risks and having a minimum of partial faults, or even total faults. Management policies as incentives or recriminations of incidents notifications, along with the appropriate attribution of adequate resources when investigating them, can have surprising and promising results, as we show in this paper through the study of management behavioral variables in a model of dynamic simulation.
Description
Keywords
Segurança Gestão de incidentes Informação Risco Sistemas dinâmicos Security Incidents management Information Risk Dynamic systems