INFORMATION SECURITY: CHALLENGES, PRINCIPLES AND PRACTICES IN THE CONTEMPORARY DIGITAL SCENARIO
DOI: https://doi.org/10.56238/arev7n12-315
Keywords: Information Security, Cybersecurity, Data Protection, Digital Risks
Abstract
Information Security constitutes a strategic field for the protection of data and technological assets in public and private organizations, as well as for personal use. With the increasing digitalization of social, economic, and political interactions, the risks associated with intrusions, fraud, leaks, and disinformation become broader and more sophisticated. Emerging technologies, such as cloud computing, IoT devices, and artificial intelligence, increase the efficiency of processes but also expand the attack surface and dependence on digital systems. In this scenario of constantly evolving threats, Information Security ceases to be merely a technical responsibility and becomes integrated into organizational governance, involving protection policies, risk management, legal compliance, and continuous user training. Thus, this study discusses essential mitigation principles, challenges, and practices, aligned with the best international standards and guidelines, such as ISO/IEC 27001, highlighting the importance of awareness as a fundamental element for building safer and more resilient digital environments.
