This research paper is about the study of Information Security Policy Management in the
Judiciary of the State of Tocantins. For this purpose, documentary research on Laws,
Resolutions, Ordinances, Normative Instructions of the Judiciary of the State of Tocantins
(PJTO) and the National Council of Justice (CNJ) was used as a methodological procedure.
The objectives of the research project are based on presenting how the implementation of
the security processes took place, addressing the creation of the Security Management
Committee and also the Information Security Policy in the scope of the PJTO through
Ordinance nº 3433 of June 26, 2017. In the year 2019 two ordinances were published
containing new norms of conformity, which are: the Ordinance nº 1660, of August 12, 2019,
which deals with: a) risk management and b) backup processes, which form the artifacts
from the research of the Master applied to the Tocantinense Judiciary, and the Ordinance nº
2361/2019, of November 8, 2019, which creates a Working Group to support the Information
Security Management Committee of the PJTO, thus fulfilling the requirements of Resolution
211/2015 of the CNJ. Furthermore, bibliographic research and study of the ABNT 27002
framework as an instrument to evaluate the degree of maturity in information security,
formed by 59 control questions and involving 14 domains present in ABNT 27002. The
instrument was applied in the strategic, tactical and operational areas of the Tocantins State
Court of Justice. These artifacts are intended to subsidize the Information Security
Management Committee in its decision making efforts to improve the management of
information security, within the scope of the Judiciary Branch of the State of Tocantins.
|
