22 March 2017
Macroeconomics
1. End of the Cold War / New paradigm - Economy
2. The defence of National Interests (concentration of efforts on economic development).
3. Advent of the Internet (the global market became accessible to everyone - democratisation of consumption and shortening of the commercial chain)
4. The transformation of markets and consumers
5. The new markets (legal and illegal) / the new products (legal and illegal) / the new consumers / the new threats
6. The role of States
a. The defence of the National Interest
b. Taxation
c. Regulator of markets
d. Consumer protection

Microeconomics
1. The mission / objective of organisations
2. The business process
3. Threat assessment
4. Risk assessment
5. Cybersecurity
6. The role of the strategic decision-maker
7. The role of the CISO
8. The role of staff (internal and external)
Figure: Gross domestic product, deflator (Index)
The Digital Single Market strategy is made up of three policy areas or 'pillars':
Reinforcing trust and security in digital services and in the handling of personal data
The new EU Data protection rules, which entered into force in May 2016, are the basis for a review
of the e-Privacy directive.
Source: CGI
Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions,
image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via
unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Source: Glossary of Key Information Security Terms, ed. Richard Kissel, National Institute of Standards and Technology,
US Department of Commerce, NISTIR 7298, Revision 2, 2013
The potential source of an adverse event.
Source: Glossary of Key Information Security Terms, ed. Richard Kissel, National Institute of Standards and Technology,
US Department of Commerce, NISTIR 7298, Revision 2, 2013
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions,
image, or reputation), organizational assets, or individuals through an information system via unauthorized access,
destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to
successfully exploit a particular information system vulnerability.
Source: Glossary of Key Information Security Terms, ed. Richard Kissel, National Institute of Standards and Technology,
US Department of Commerce, NISTIR 7298, Revision 2, 2013
risk
Definition: The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence,
as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated
consequences.
Adapted from: DHS Risk Lexicon, NIPP and adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4,
SAFE-BioPharma Certificate Policy 2.5
risk analysis
Definition: The systematic examination of the components and characteristics of risk.
Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational
operations, individuals, geographic area, other organizations, or society, and includes determining the extent to
which adverse circumstances or events could result in harmful consequences.
Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
risk management
Definition: The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding,
transferring or controlling it to an acceptable level considering associated costs and benefits of any actions
taken.
Extended Definition: Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3)
continuous monitoring of risk over time; and 4) documenting the overall risk management program.
From: DHS Risk Lexicon and Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
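As an added illustration (not part of the original slides or any of the cited glossaries), the following Python puts the three definitions above to work: risk analysis as likelihood x consequence, and risk management as the accept / control / avoid-or-transfer decision taken against an acceptable level while weighing the cost of a control against its benefit. All register entries, control costs and the risk appetite are constructed values.

```python
from dataclasses import dataclass

# Constructed example: likelihood is a probability per year, consequence a loss in EUR.
ACCEPTABLE_ANNUAL_LOSS = 5_000.0  # assumed risk appetite (constructed value)


@dataclass
class Control:
    name: str
    annual_cost: float
    residual_likelihood: float   # likelihood once the control is in place
    residual_consequence: float  # consequence once the control is in place


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: float    # chance per year that the threat exploits the vulnerability
    consequence: float   # loss in EUR if it does
    controls: list       # candidate Control objects


def expected_loss(likelihood: float, consequence: float) -> float:
    """Risk analysis: annualised expected loss = likelihood x consequence."""
    return likelihood * consequence


def treat(risk: Risk, appetite: float = ACCEPTABLE_ANNUAL_LOSS) -> tuple:
    """Risk management decision; returns (decision, control name or None, residual loss)."""
    inherent = expected_loss(risk.likelihood, risk.consequence)
    if inherent <= appetite:
        return ("accept", None, inherent)
    best = None
    for c in risk.controls:
        residual = expected_loss(c.residual_likelihood, c.residual_consequence)
        net_benefit = (inherent - residual) - c.annual_cost  # benefit of acting minus its cost
        # Only controls that reach the acceptable level and pay for themselves qualify
        if residual <= appetite and net_benefit > 0 and (best is None or net_benefit > best[0]):
            best = (net_benefit, c.name, residual)
    if best:
        return ("control", best[1], best[2])
    return ("avoid/transfer", None, inherent)  # no cost-effective control: escalate the decision


# Constructed register entries (illustrative figures, not measurements)
REGISTER = [
    Risk("customer database", "ransomware operator", "unpatched VPN appliance", 0.30, 200_000.0,
         [Control("patch management + offline backups", 12_000.0, 0.05, 60_000.0),
          Control("cyber insurance only", 9_000.0, 0.30, 80_000.0)]),
    Risk("public website", "defacement", "weak CMS password", 0.10, 20_000.0,
         [Control("MFA on CMS", 500.0, 0.01, 20_000.0)]),
    Risk("legacy plant controller", "sabotage", "no network segmentation", 0.20, 500_000.0,
         [Control("segmentation project", 150_000.0, 0.02, 500_000.0)]),
]
```

Running `treat` over `REGISTER` yields "control" for the database (the insurance option never reaches the acceptable level), "accept" for the website, and "avoid/transfer" for the plant controller, whose only control leaves residual loss above the appetite.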
The Global Risks Landscape 2016
Cybersecurity shall refer to security of cyberspace, where cyberspace itself refers to the set of links and
relationships between objects that are accessible through a generalised telecommunications network, and
to the set of objects themselves where they present interfaces allowing their remote control, remote access
to data, or their participation in control actions within that Cyberspace. Cybersecurity shall therefore
encompass the CIA paradigm for relationships and objects within cyberspace and extend that same CIA
paradigm to address protection of privacy for legal entities (people and corporations), and to address
resilience (recovery from attack).
Source: ENISA
Too many executives see cybersecurity as an information technology (IT) function.
A very important point to understand is that cybersecurity is NOT an IT function.
Although it is true that it is the IT department that will implement the tools and technology
used to protect and defend the business, everything that cybersecurity does, or fails to do, can
comprehensive cybersecurity needed to reduce the business's level of cyber risk. Without
maintaining the strategic vision and the action plans aimed at ensuring that the technological assets and
people within the organisation are aware of the risks and carry out their activity within
Security audit;
Risk management;
Cybersecurity architecture;
Internal awareness;