Suggestion of applicability of ISO for the improvement of data security in companies

Abstract

Suggestion of applicability of ISO to improve the security of company information. Elaborated through a bibliographic research to understand the concepts applied in the present work, adopting a quantitative research through a questionnaire. Research directed to professionals and university students of information technology, and to a random audience. A documentary research was also carried out to collect data in informal *institutions*. The following technical standards were adopted: NBR-ISO-27001, NBR-ISO-27002, NBR-ISO-27008, NBR-ISO-27036, with distinct characteristics and with the intention of being useful in suggesting the applicability of ISO in company procedures. It was possible to evaluate the reliability of the companies in relation to the security of their employee data. With the suggestion of applying the ISO to companies, it is possible to obtain a greater security, as well as a greater availability, with more efficient data exchange. The information security policy is established through rules, standards, and procedures, which must be used internally and externally, providing more reliability. Company employees will begin to carry out processes more efficiently within the organizations. Therefore, the suggestion of using the ISO for information security in companies becomes significantly important because it is one more contribution so that they can have rules to protect both their data and those of their employees.