Avaliação de processos de segurança da informação na integração das áreas de controladoria e de tecnologia da informação

Abstract

The information environment in organizations has been affected by the continuing evolution of technology and business environment. The Controllership, as responsible for the information systems that support decision making in organizations, should participate in the information security process. Therefore, this study investigated the processes of information security through the integration the areas of Controllership and Information Technology (IT). The research methodology is demonstrated as an exploratory case study of an applied nature. Even though the analyzes were based on graphs and tables, which (may) entails quantitative data, analysis techniques have predominantly been of qualitative nature from multiple sources of data collection such as questionnaires and interviews. Such interviews were treated with the aid of specific software that included the lexical analyzer. As a result of the study, we designed a framework that promotes the integration of the Controllership and IT areas in the evaluation of software implementation processes focused on the core business processes of the Company. The framework also includes the findings from a survey on the levels of protection and the maturity of the information security of IT processes which enables the analysis of possible risks associated with the protection practices of information security and IT Governance model adopted in organization. As a consequence of this paper, the working operational processes of these two areas and the controls of the information environment of the Company were improved.