ICT Governance and Management Macroprocesses of a Brazilian Federal Government Agency
Edna Dias Canedo,
Ana Paula Morais do Vale,
Rogério Machado Gravina,
Alessandra de Vasconcelos Sales,
Bruno J. G. Praciano,
Vinicius Eloy dos Reis,
Fábio Lúcio Lopes Mendonça,
Rafael Timóteo de Sousa Júnior
Affiliations
Edna Dias Canedo
Department of Computer Science, University of Brasília (UnB), P.O. Box 4466, Brasília 70910-900, Brazil
Ana Paula Morais do Vale
National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília 70910-900, Brazil
Rogério Machado Gravina
National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília 70910-900, Brazil
Alessandra de Vasconcelos Sales
National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília 70910-900, Brazil
Bruno J. G. Praciano
National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília 70910-900, Brazil
Vinicius Eloy dos Reis
General Coordination of Information Technology (CGTI), Administrative Council for Economic Defense (CADE), Brasília 70770-504, Brazil
Fábio Lúcio Lopes Mendonça
National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília 70910-900, Brazil
Rafael Timóteo de Sousa Júnior
National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília 70910-900, Brazil
Identifying and managing Information and Communication Technology (ICT) risks has become a concern and a challenge for public and private organizations. In this context, risk management methodologies have become indispensable within Brazilian Federal Public Administration organizations to help their managers in decision making, especially in the distribution of public funds, elaboration of public policies focused on transparency, social actions contemplating indemnities, and social benefits, among others. In addition, the various ICT projects controlled by the public administration need a methodology for managing their ICT resources. In this article, we present the Governance and Risk Management methodology used to model the macro processes of the Administrative Council for Economic Defense (CADE). The proposed methodology used a risk management process aligned with the ISO 31000 standards. This alignment was necessary for mapping CADE’s risk events, regardless of their complexity. The modeled ICT risk processes will support the organization’s managers in decision making and may be used or customized by any other organization of the Brazilian Federal Public Administration.