Portal de Programas de Pós-Graduação (UFBA)

SIGAA - Sistema Integrado de Gestão de Atividades Acadêmicas

NPGA-P PROGRAMA DE PÓS-GRADUAÇÃO EM ADMINISTRAÇÃO (NPGA-P) ESCOLA DE ADMINISTRAÇÃO Phone: Not available E-mail: danielamoscon@ufba.br https://posgraduacao.ufba.br/npga-p

Banca de DEFESA: NAIRA MARIA DA SILVA DUARTE

Uma banca de DEFESA de MESTRADO foi cadastrada pelo programa.
DISCENTE : NAIRA MARIA DA SILVA DUARTE
DATA : 08/11/2021
HORA: 14:30
LOCAL: Videoconfêrencia
TÍTULO:

The understanding of IT professionals regarding the general law on the protection of personal data and its implications for organizations.

PALAVRAS-CHAVES:

Information Security. Data Protection. Law. Compliance.

PÁGINAS: 186
GRANDE ÁREA: Ciências Sociais Aplicadas
ÁREA: Administração
RESUMO:

Technological evolution is based on bringing countries and societies closer together, facilitating communication, reducing distances and bringing cultural differences closer together. However, the collection and manipulation of data through technological resources make possible the misuse and abuse by people and organizations. Information vulnerability is a social issue, and as such; requires greater control over information security policies. However, the current controls are not enough to prevent the abuses that the digital world provides. In increasingly connected environments, legal controls and regulations are essential to avoid the arbitrariness that the discriminatory use of information can generate for organizations and/or individuals. Considering the excessive use of information, countries have instituted laws and rights that support the use and control of collected personal data. In Brazil, the requirements of Law 13.709 of 2018, known as the General Law for the Protection of Personal Data (LGPD), involve different changes in approach to an organization's information security measures. Subject to the requirements of the law, public, private and parastatal organizations need to consider these changes in their technological infrastructure and information security, in addition to other control measures through information security policies to ensure the protection of personal data, with a view to right to privacy of its customers, employees, partners and suppliers, considering that compliance with the law is based on processes, people and tools. The adaptation of Organizations to the legal requirements as an instrument of control and monitoring of personal data requires restrictive measures of the Information Security Policy, for this, it is necessary to verify the understanding of IT professionals regarding risk management in the inappropriate use of data and the new roles and responsibilities that the law defines, transparency, dissemination of knowledge in organizations, regulations and information treatment, observing the ethical issues of IT professionals with regard to the privacy of personal data under their custody and responsibility. This work aims to identify how IT professionals understand the requirements of the LGPD and its implications for organizations, in addition to the need to adopt information security controls. Thus, quantitative and qualitative surveys were applied, through a Survey survey with approximately 70 IT managers evaluating the impacts of LGPD on data controls in their organizations. After tabulation and statistical analysis of the research, the results were presented in a Focus Group mediated in an interview through the Teams tool, with the participation of 16 IT Managers, where opinions and considerations regarding the result of the applied research were exposed. At the end of this work, with the consolidated diagnoses, evaluations were carried out considering the research assumptions, which showed that the understanding and awareness of IT professionals are relevant to the adjustments required by law regarding information security in organizations. The work exposed the possible impacts, in addition to the opportunities that the adaptation of Law 13.709/2018 may generate in the governance of information technology (GTI), complying with the criteria and controls of Information Security (SI), on the responsibility of IT in the that aiming at mitigating risks and reducing the vulnerabilities of personal data processed in organizations.

MEMBROS DA BANCA:
Externo à Instituição - ADRIANO SANTOS ROCHA SILVA - UFS
Presidente - 728.879.075-49 - ANTONIO EDUARDO DE ALBUQUERQUE JUNIOR - Fiocruz-Ba
Interno - 1316015 - ERNANI MARQUES DOS SANTOS

Notícia cadastrada em: 05/11/2021 19:23