Title :
Maturity analysis of information access control in an organization
Author :
Favacho de Araujo, Aleteia Patricia ; von Paumgartten, Paulo Franklin ; de Carvalho Fonseca, Augusto Cesar
Author_Institution :
Dept. de Comput. - CIC, Univ. de Brasilia - UnB, Brasília, Brazil
Abstract :
Even an organization that does not have IT as its core business invests in actions that seek to increase information security in order to achieve its strategic objectives. Information access control appears as one of the pillars that ensure information security. Internationally adopted standards such as ISO/IEC 27002, and libraries of best practices such as COBIT, emerge as a source of knowledge but are not methodologies that indicate the actions to be taken. This study sought to correlate these standards to evaluate the maturity of the processes and controls of information access control in an organization. A survey applied to the organization's analysts was added to this methodology; it showed a low degree of maturity of these controls and mapped the need to develop basic standards, such as an Information Security Policy and operational standards, as a way to reduce the uncontrolled and inappropriate use of the organization's IT resources. These vulnerabilities pose a threat to the organization's strategic information security.
Keywords :
IEC standards; ISO standards; authorisation; business data processing; organisational aspects; COBIT; ISO-IEC 27002; IT resources; information access control; information security policy; maturity analysis; operational standards; organization analysts; organization strategic information security; Computer aided instruction; IEC standards; ISO standards; Monitoring; Organizations; Process control; Standards organizations; Access Control; COBIT; Information Security; Maturity Model; NBR ISO/IEC 27002; Process Maturity;
Conference_Title :
Information Systems and Technologies (CISTI), 2013 8th Iberian Conference on
Conference_Location :
Lisboa