Information security management practices: study of the influencing factors in a Brazilian Air Force institution
Keywords: Information Security, Management, ISO/IEC 27001, ISO/IEC 27002, Technology Acceptance Model – TAM, Brazilian Air Force Information Technology Board
This article aims to analyze the factors that influence the staff of the Brazilian Air Force Information Technology Board – DTI in their understanding of the application of Information Security Management practices. The study was based on the hypothetical-deductive method; it was descriptive in its objective and quantitative in its approach to the research problem. To achieve the proposed objective, an adaptation of the Theoretical Technology Acceptance Model – TAM was used, which allowed the analysis of the relation between sociodemographic profile, perceived ease of use, perceived usefulness, attitude and behavior of the users, and the level of understanding of the Information Security practices. The survey was conducted with 59 military servants and civilians who are part of the Brazilian Air Force Information Technology Board, to whom a questionnaire was applied. The questionnaire, submitted to and approved by the Committee of Ethics in Research (CAAE: 62636016.7.0000.5111), was based on the precepts of ISO/IEC 27001 (2013) and 27002, which deal, respectively, with the Information Security Management system and with the code of practice for Information Security controls. Once the data were gathered, they were tabulated and statistically analyzed, which enabled the demonstration of the influence of sociodemographic and behavioral factors and of the precepts of the TAM on the perception of the Information Security practices by the DTI staff.