Abstract:
This paper describes the implementation of an Information Security Management System, presenting the procedures for privacy and information security and culminating in the achievement of ISO 27001 certification at a public-sector data center in Brazil, the Data Center Prodesp, which serves the government and 41 million citizens of the State of Sao Paulo. It discusses all the legal, social and technical aspects required for this implementation. We present a theoretical approach to the main concepts and methodologies used, such as PDCA (Plan-Do-Check-Act), to guarantee privacy and information security across the topics discussed in this paper: networks (wired and wireless), operating systems, hardware, use of encryption, treatment of threats, property rights, and legal and criminal issues.
Keywords:
ISO standards; cryptography; data privacy; operating systems (computers); Data Center Prodesp; ISO 27001 Certification; encryption; information security; management system; operating systems; privacy; wired networks; wireless networks; Certification; Communication system security; Government; Information management; Law; Legal factors; Availability; Confidentiality; Integrity; Management; Policies