Gestão de segurança da informação: práticas utilizadas pelas instituições federais de ensino superior para implantação de política de segurança da informação

Abstract

Federal Institutions of Higher Education develop their academic and administrative activities based on their Planning. Each institution develops its rules of conduct that must be carried out by its information and communication security policies. However, in the last Survey of IT Governance in 2014, prepared by the Federal Audit Court, it was reported that only 51% of the Federal Public Administration fully adopted the security policy of information and communication. Considering that there are recommendations and guidelines of the Federal Government to institutionalize this policy in all organs of the Federal Public Administration, both direct and indirectly, this research aimed to identify the scenario where the Federal Higher Education Institutions regarding the existence and practices used to the design and implementation of information and communication security policy. The inductive method with a quantitative approach and documentary procedure was used, and a field study survey as data collection tool involving all federal institutions of higher education in Brazil was applied. At the end of the survey it was realized that the human factor is the most critical factor for success in the planning of Information Security Policy, especially the participation of the High Management. The research has shown the need to promote strategic actions of information security processes in government organizations, especially the Federal Institutions of Higher Education, concerning the implementation of Information Security Policy.