EVALUATION OF INFORMATION SECURITY PROCESSES INTEGRATING THE CONTROLLERSHIP AND IT AREAS

Authors

  • Luiz Carlos Schneider FACEB - FACULDADE CENECISTA DE BENTO GONÇALVES - RS
  • Adolfo Alberto Vanti UNISINOS
  • Angel Cobo Universidade de Cantabria - Espanha
  • João Luis Peruchena Thomaz URCAMP

Keywords:

Controllership. Information Technology. Information Security.

Abstract

The Controllership is responsible for the support decision-making process in organizations and because of that, it needs to participate in the information security processes. Therefore, this study evaluated the way of applied information security processes by integrating the areas of Controllership and IT. Methodologically the work was characterized as a descriptive research in a quali-quanti process, considering the perception of respondents in 30 questions related to the proposed problem. A supplementary questionnaire was applied based on ISO / IEC 27002 standard implying causal explanation of areas of integration and definition of different categories of professionals when they deal information security. We developed a case study applied to data collection instruments related to questionnaires and interviews, content analysis in identifying the critical business processes and risks associated with information environment. Thus, it was possible to improve the operational processes of these two areas, reducing operational risks through different actions related with participation of users, creating teams, greater standardization, communication alignment, greater control in changing systems, improvements to policies and safety standards information, use of business intelligence tools, training, information integration and focus in core process. Finally, it responded to objective of evaluating information security processes by integrating the areas of Controllership and IT.

Downloads

Download data is not yet available.

Author Biographies

Luiz Carlos Schneider, FACEB - FACULDADE CENECISTA DE BENTO GONÇALVES - RS

  • Professor de Ciências Contábeis pela Faculdade Cenecista de Bento Gonçalves - RS

Adolfo Alberto Vanti, UNISINOS

  • Professor do Programa de Pós-Graduação em Ciências Contábeis da UNISINOS

Angel Cobo, Universidade de Cantabria - Espanha

  • Professor no Departamento de Matemática Aplicada da Universidade de Cantabria

João Luis Peruchena Thomaz, URCAMP

  • Professor de Ciências Contábeis pela URCAMP - RS

References

ARAÚJO, W.J. A segurança do conhecimento nas práticas da gestão da segurança da informação e da gestão do conhecimento. Tese (Doutorado em Ciência da Informação). UNB, Brasília, DF, 2009.

ASSOCIAÇÃO BRASILEIRA DE NORMAS TÉCNINCAS (ABNT). Norma brasileira ISO/IEC 27002, 2007. Rio de Janeiro: ABNT, 2007.

ATKINSON, A. A., BANKER, R. D., KAPLAN, R. S., YOUNG, S. M. Contabilidade gerencial. 3. ed., São Paulo: Atlas, 2008.

BORINELLI, M.L. Estrutura Conceitual básica de controladoria: sistematização à luz da teoria e da práxis. Tese (Doutorado em Controladoria e Contabilidade). USP, São Paulo, SP, 2006.

BULGURCU, B.; CAVUSOGLU, H.; BENBASAT, I. Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly Executive, v. 34, n. 3 Set. 2010. ISSN 1540-1960.

CARMEN, A.A.; CORINA, G. A strategic approach of management accounting. Annals of the University of Oradea, Economic Science Series, v. 18 n. 3, p. 736-741, 2009. ISSN: 1582-5440.

COLLINS, J.; HUSSEY, R. Pesquisa em administração. 2° ed. Porto Alegre: Bookman, 2005.

COMITE DE PRONUNCIAMENTOS CONTÁBEIS (CPC). Pronunciamento conceitual básico – Estrutura conceitual para a elaboração e apresentação das demonstrações contábeis, 2008. Disponível em: <http://www.cpc.org.br>. Acesso em: 26 nov. 2010.

ELOFF, J.; ELOFF, M. Information security management – A new paradigm. In: 2003 annual research conference of the South African. Institute of computer scientists and information technologists on enablement through technology, 2003, p.130-136. Proceedings…, 2003. DOI: 10.1145/180921.2180933. ISBN:1-58113-774-5.

ITGI: Information Technology Governance Institute. CobiT 4.1 modelo, objetivos de controle, diretrizes de gerenciamento e modelos de maturidade, 2007. Disponível em: <http://www.isaca.org/Knowledge-Center/cobit/Documents/cobit41-portuguese.pdf>. Acesso em: 28 fev. 2011.

ISO/IEC27002. Tecnologia da Informação – Código de prática para a gestão da segurança da informação. Rio de Janeiro: Associação Brasileira de Normas Técnicas, 2007.

KAYWORTH, T.; WHITTEN, D. Effective information security requires a balance of social and technology factors. MIS Quarterly Executive, v. 9, Set.2010. ISSN 1540-1960.

LAUDON, K. C.; LAUDON, J. P. Sistemas de Informação Gerenciais. 7. ed. São Paulo: Pearson, 2007.

MARTIN, N.C.; SANTOS, L.R.; DIAS, J.M. Governança empresarial, riscos e controles internos: A emergência de um novo modelo de controladoria. Revista Contabilidade e Finanças, n. 34, p. 7, jan./abr. 2004. ISSN: 1808-057X. http://dx.doi.org/10.1590/S1519-70772004000100001

MITHAS, S.; RAMASUBBU, N.; SAMBAMURTHY, V. How information management capability influences firm performance. MIS Quarterly Executive, v. 35, n. 1, Mar. 2011. ISSN 1540-1960.

O’BRIEN, J. A.; MARAKAS, G. M. Administração de Sistemas de Informação: uma introdução. São Paulo, SP: McGraw-Hill, 2007.

SAATY, The Analytical Hierarchy Process: Planning, Priority Setting, Resource Allocation. Mc Graw-Hill, New York, 1980.

SCHNEIDER, L.C. Avaliação de processos de segurança da informação na integração das áreas de controladoria e de tecnologia da informação, 2012. Disponível em: <http://biblioteca.asav.org.br/vinculos/000000/0000006F.pdf>. CDU 005.922.1.

SPEARS, J.L.; BARKI, H. User participation information systems security risk management. MIS Quarterly Executive, v. 34, n. 3 Set. 2010. ISSN 1540-1960.

YIN, R. K. Estudo de caso – Planejamento e métodos. 4ª ed. Porto Alegre: Bookman, 2010.

YOUNG, R. F.; WINDSOR J. Empirical evaluation of information security planning and integration. Communications of the Association for Information Systems, v. 26, Mar. 2010. ISSN: 1529-3181.

VANTI, A. A.; COBO, A.; ROCHA, R. Avaliação de modelo de governança de TI com o uso de FAHP. In: CONTECSI, São Paulo, 2011. Anais…, USP, 2011.

WILKIN, C.; CHENHALL, T.; A review of IT Governance: A Taxonomy to inform Accounting Information Systems. Journal of Information Systems. v. 24, n. 2, p.107-146, 2010. DOI: 10.2308/isys-50922.

Downloads

Published

2014-12-30

How to Cite

Schneider, L. C., Vanti, A. A., Cobo, A., & Thomaz, J. L. P. (2014). EVALUATION OF INFORMATION SECURITY PROCESSES INTEGRATING THE CONTROLLERSHIP AND IT AREAS. Revista Universo Contábil, 10(4), 68–85. Retrieved from https://ojsrevista.furb.br/ojs/index.php/universocontabil/article/view/4139

Issue

Vol. 10 No. 4 (2014)

Section

National Section

License

The copyright for papers published in this journal belong to the author, with rights of first publication for the journal. As the papers appears in this publicly accessed journal, the papers are for free use, receiving their credit, in educational and non-commercial uses. The journal will allow the use of the papers published for non-commercial purposes, including the right to send the paper to publicly accessed databases.