Aligning Information Security with the Image of the Organization and Prioritization Based on Fuzzy Logic for the Industrial Automation Sector

Authors

  • André Marcelo Knorst Coester Automação Ltda
  • Adolfo Alberto Vanti UNISINOS
  • Rafael Alejandro Espín Andrade Universidade Técnica de Havana
  • Silvio Luiz Johann Fundação Getúlio Vargas

DOI:

https://doi.org/10.4301/s1807-17752011000300003

Keywords:

security, information, organizational culture, images, compensatory fuzzy logic

Abstract

This paper develops the strategic alignment of organizational behavior through the organizations´ image, prioritization and information security practices. To this end, information security is studied based on the business requirements of confidentiality, integrity and availability by applying a tool which integrates the strategic, tactical and operational vision through the following framework: Balanced Scorecard - BSC (strategic) x Control Objectives for Information and Related Technology - COBIT (tactical) x International Organization for Standardization - ISO/International Electro Technical Commission - IEC27002 (operational). Another image instrument of the organization is applied in parallel with this analysis to identify and analyze performance involving profiles related to mechanistic, psychic prisons, political systems, instruments of domination, organisms, cybernetics, flux and transformation (MORGAN, 1996). Finally, a model of strategic prioritization, based on compensatory fuzzy logic (ESPIN and VANTI, 2005), is applied. The method was applied to an industrial company located in southern Brazil. The results with the application show two organizational images: "organism" and "flux and transformation ". The strategic priorities indicated a significant search for new business services and international markets. Regarding protection of information, security found the gap between "minimum" and "Reasonable" and in domain 8 (HR) of standard ISO/IEC27002, considered 71% protection as "inappropriate" and "minimal" in the IT Governance context.

Author Biographies

André Marcelo Knorst, Coester Automação Ltda

André Marcelo Knorst,Gerente de TI-CoesterAutomação Ltda. Mestre em Administração – UNISINOS, Bacharel em Sistemas de Informação – UNISINOS.

Adolfo Alberto Vanti, UNISINOS

Adolfo Alberto Vanti, Doutor em Direção de Empresas Universidade de DEUSTO – País Vasco – Espanha. Professor Titular do Programa de Doutorado e Mestrado em Administração e do Mestrado em Ciências Contábeis da Unisinos

Rafael Alejandro Espín Andrade, Universidade Técnica de Havana

Rafael Alejandro Espín Andrade, Professor Titular do Centro de Estudos de Tecnologia de Direção da Universidade Técnica de Havana. Matemático e Doutor em Engenharia - Tribunal Nacional Científico de Cuba.

Silvio Luiz Johann, Fundação Getúlio Vargas

Silvio Luiz Johann, Fundação Getúlio Vargas

Downloads

Published

2011-12-28

How to Cite

Knorst, A. M., Vanti, A. A., Andrade, R. A. E., & Johann, S. L. (2011). Aligning Information Security with the Image of the Organization and Prioritization Based on Fuzzy Logic for the Industrial Automation Sector. Journal of Information Systems and Technology Management, 8(3), 555–580. https://doi.org/10.4301/s1807-17752011000300003

Issue

Vol. 8 No. 3 (2011)

Section

Articles

License

Terms and Conditions The articles are author's responsibility. The publisher allows the author(s) to hold the copyright without restrictions and to retain publishing rights without restrictions. When submitting an article to JISTEM, authors are responsible for acknowledge and list any conflict of interest and financial support that may have influenced on the research results. Authors are required to sign an official copyright form. CC licensing You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material for any purpose, even commercially. The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits. Notices: You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation. No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material. The aim of the Directory of Open Access Journals is to increase the visibility and ease of use of open access scientific and scholarly journals thereby promoting their increased usage and impact. The articles have free availability on the public internet, permitting any users to read, download, copy, distribute, print, search, or link to the full texts of these articles Creative Commons License http://creativecommons.org/licenses/by/4.0/ Al papers are licensed under a Creative Commons Attribution 4.0 International License. Journal's policy of screening for plagiarism: Plagiarism is strictly forbidden, and by submitting the article for publication the authors agree that the publishers have the legal right to take appropriate action against the authors, if plagiarism or fabricated information is discovered.