Privacy and Information Security in Brazil? Yes, We Have It and We Do It!

Author

Gonçalves, Joel Mana

Author_Institution

Prodesp- Cia. de Processamento de Dados do Estado de Sao Paulo, Taboão da Serra, Brazil

fYear

2010

fDate

12-14 April 2010

Firstpage

702

Lastpage

707

Abstract

This paper describes the implementation of a Management System of Information Security, presenting the procedures for privacy and information security, culminating in the achievement of an ISO 27001 Certification in a Data Center in a Public Sector in Brazil, The Data Center Prodesp, serving the government and 41 million citizens of the State of Sao Paulo. It discussed all aspects of legal, social and technical required for this implementation. We present a theoretical approach to the main concepts and methodologies used, like the concept PDCA (Plan-Do-Check-Act), to guarantee the privacy and information security to the topics discussed in this paper, that are: networks (wired and wireless), operating systems, hardware, use of encryption, treatment of threats, property rights and legal and criminal issues.

Keywords

ISO standards; cryptography; data privacy; operating systems (computers); Data Center Prodesp; ISO 27001 Certification; encryption; information security; management system; operating systems; privacy; wired networks; wireless networks; Certification; Communication system security; Data privacy; Government; ISO standards; Information management; Information security; Law; Legal factors; Operating systems; Availability; Certification; Confidentiality; Integrity; Management; Policies;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology: New Generations (ITNG), 2010 Seventh International Conference on

Conference_Location

Las Vegas, NV

Print_ISBN

978-1-4244-6270-4

Type

conf

DOI

10.1109/ITNG.2010.125

Filename

5501649