Adapting the PREPARE Model for Risk Management in Technology Crises

Authors

  • Ruddy Vasquez USP
  • Lucas Carrazzoni Mirabella
  • Jefferson Luiz Bution
  • Andrei Carlos Torresani Paza
  • Lucas Israel Oliveira Testi
  • Germano Fenner
  • Fabio Lotti Oliva
  • Celso Cláudio Hildebrand e Grisi
  • Alexandre Nabil Ghobril

Keywords:

Crisis Management, Technology, Information Security

Abstract

As the world becomes increasingly grounded in digital data, organizations face a growing need to be equipped to manage risks and potential crises in the technological domain. Drawing on the case study of the 2017 WannaCry ransomware cyberattack, which impacted thousands of organizations on a global scale, this paper adapts a systemic solution model to technology-centric crisis events. It then evaluates this model against the technology risk management and information security strategy employed by a major Brazilian private bank during the WannaCry attack.

Published

2024-08-19

How to Cite

Vasquez, R., Carrazzoni Mirabella, L., Bution, J. L., Torresani Paza, A. C., Israel Oliveira Testi, L., Fenner, G., Lotti Oliva, F., Hildebrand e Grisi, C. C., & Nabil Ghobril, A. (2024). Adaptando o Modelo PREPARE para Gestão de Riscos em Crises de Tecnologia. Práticas Em Contabilidade E Gestão, 12(1). Retrieved from http://editorarevistas.mackenzie.br/index.php/pcg/article/view/17161