Avaliação de desempenho na gestão de risco da tecnologia da informação na Universidade Tecnológica Federal do Paraná, Campus Pato Branco
The risk management of information technology in universities addresses aspects such as information security, reliability, availability, authenticity, and integrity of information. When dealing with this context, information is subject to risks that can harm management and individuals inserted in th...
| Autor principal: | Corrêa, Andressa Maria |
|---|---|
| Formato: | Dissertação |
| Idioma: | Português |
| Publicado em: |
Universidade Tecnológica Federal do Paraná
2022
|
| Assuntos: | |
| Acesso em linha: |
http://repositorio.utfpr.edu.br/jspui/handle/1/27238 |
| Tags: |
Adicionar Tag
Sem tags, seja o primeiro a adicionar uma tag!
|
| Resumo: |
The risk management of information technology in universities addresses aspects such as information security, reliability, availability, authenticity, and integrity of information. When dealing with this context, information is subject to risks that can harm management and individuals inserted in this context. Risks related to information technology can bring significant losses, such as personal data, research, institutional documents, as well as threats, theft of privacy, and exposure of sensitive data. In this sense, the main objective of this research was to develop a performance evaluation model for the risk management of information technology in a public university. First, a systematic review of the literature was carried out, using the intervention instrument Knowledge Development Process - Constructivist (ProKnow-C), and a bibliometric and systemic analysis was performed. The search resulted in 4 bibliographic portfolios, which helped to support and support the research. Such portfolios are risk management performance assessment (PB1), risk management performance assessment in universities (PB2), information technology risk management performance assessment in universities (PB3), and IT risk management. At the end of the search and analysis of the articles, an opportunity was identified, in view of a research gap, to develop a performance evaluation model for the risk management of information technology in a university, approaching a constructivist perspective. For the construction of the model, the intervention instrument called Multicriteria Decision Support Methodology – Constructivist (MCDA-C) was used. The model was developed at the Federal Technological University of Paraná – UTFPR, on the Pato Branco campus, with the campus information technology coordinator acting as a decision-maker. In summary, the main result of the research was the construction of the performance evaluation model in the risk management of information technology at the university, based entirely on the values of the decision-maker, through 80 evaluation criteria, divided into two larger areas of concern, Services and People Management. It was possible to identify the current performance situation of the context, which presented at a competitive level with 95.36 points, considering 0 points (neutral level) and 100 points (good level). In order to make improvements and promote a continuous improvement of the context, the descriptors that presented a compromising level were identified and action plans were prepared to improve the performance of each one. Five descriptors were identified at a compromising level and with the actions proposed by the decision-maker, an improvement in the global performance of the model was obtained, increasing from 95.36 to 99.13 points, closer to the level of excellence. In general terms, the practical implications of the model, the MCDA-C methodology proved to be efficient, because, in its problem structuring process, the research decision-maker identified the necessary and sufficient objectives to evaluate its context, and use it as a system of decision support, contributing to the continuous improvement of the context. As for theoretical implications, the research meets the need identified by the systemic analysis regarding the lack of research on this theme, which has constructivist characteristics. |
|---|