Silva, Eliane Ferreira daMedeiros, Luciano Araújo de2022-06-072022-06-072022-02-18MEDEIROS, Luciano Araújo de. Fortalecimento da cultura de segurança da informação: um projeto piloto de autotreinamento e conscientização dos usuários. 2022. 207f. Dissertação (Mestrado Profissional em Gestão da Informação e do Conhecimento) - Centro de Ciências Sociais Aplicadas, Universidade Federal do Rio Grande do Norte, Natal, 2022.https://repositorio.ufrn.br/handle/123456789/47584It is a consensus that information is the most precious asset inside an organization. Therefore, measures aimed at the protection of this kind of information must be adopted. The more diversified and extensive these measures are, the higher the level of security. However, experts in the field point out that organizations seek to solve their informational problems with technology, contradicting recent studies that suggest the need for educating and making people aware of Information Security in order to decrease human vulnerabilities and strengthen the security organization culture. The main goal of this research is to propose a prototype that contributes to the strengthening of Information Security organizational culture at the Federal University of Rio Grande do Norte. This research appears as a case study with an inductive and exploratory approach of qualitative nature. From a bibliographic survey on Information Security and a documentary research, a form was elaborated for the interviews, which was validated by the Information Security coordinator, and which allowed us to understand the Information Security practices of those who composed the sample of this research: public servants with high privileges in institutional systems. Through the EDUCAUSE framework, the maturity degree in Information Security of the studied institution was identified. Subsequently, the compliances of known practices with the Information Security Policy and current regulations were verified. The application of the triangulation of these different sources and methods indicated that, among others, the agency is at Level 1, that is, very low maturity, since the majority of the interviewees have never participated in an Information Security training. They do not know how to contact the team responsible for Information Security Management. Only a few of them know about the Information Security Policy, as well as consider having skills in the area and use certain practices that may jeopardize the security of institutional information. Based on that, the proposed prototype was implemented and underwent analysis and review by a panel of experts in the areas of Information Security, Distance Education, and Information Architecture. After making the adjustments suggested by these experts, the prototype was applied and well evaluated by the participants. In the end, it was observed that the proposed solution contributes to the improvement of knowledge and awareness of the Information Security users, and, therefore, the strengthening of their culture.Acesso AbertoGestão da segurança da informaçãoCultura organizacionalMaturidade em segurança da informaçãoTreinamento e conscientizaçãoGestão da informação e do conhecimentomasterThesis