dc.description.abstract | This Undergraduate Thesis (TCC) addresses the importance of risk management in Information and Communication Technology (ICT) companies and proposes a support structure to encourage the adoption of robust risk management methodologies. Initially, a comprehensive literature review was conducted to explore major frameworks and standards such as PMBOK, PRINCE2, ISO 31000, NIST, and COBIT, highlighting their specific structures and focuses. Subsequently, a detailed proposal was presented to assist ICT companies in implementing these methodologies, emphasizing the benefits of asset protection, regulatory compliance, business continuity, and competitive advantage. The research employed the bibliographic research technique to theoretically underpin the analysis and the proposed framework. The stages of defining the theme, identifying and selecting information sources, critical reading and analysis, synthesis of results, and citation of utilized sources were detailed. Additionally, related works were explored to provide a broader context and identify gaps in the existing literature. Suggestions for future research emphasize the importance of developing new technologies for risk management, creating robust governance policies and structures, and considering human and cultural aspects. The conclusion reaffirms the relevance of investing in effective risk management practices to ensure the success and sustainability of ICT companies. | pt_BR |
dc.description.resumo | This undergraduate thesis (TCC) addresses the importance of risk management in Information and Communication Technology (ICT) companies and proposes a support structure to encourage the adoption of robust risk management methodologies. First, a comprehensive literature review was carried out to explore the main frameworks and standards, such as PMBOK, PRINCE2, ISO 31000, NIST and COBIT, highlighting their specific structures and approaches. Next, a detailed proposal was presented to help ICT companies implement these methodologies, emphasizing the benefits of asset protection, regulatory compliance, business continuity and competitive advantage. The research used the bibliographic research technique to provide the theoretical grounding for the analysis and the proposal presented. The stages of defining the topic, identifying and selecting information sources, critical reading and analysis, synthesis of results and citation of the sources used were detailed. In addition, related works were explored to provide a broader context and identify gaps in the existing literature. The suggestions for future research highlight the importance of developing new technologies for risk management, creating robust governance policies and structures, and considering human and cultural aspects. The conclusion reaffirms the relevance of investing in effective risk management practices to ensure the success and sustainability of ICT companies. | pt_BR |