

Untitled in english

Author(s):
Maria Fernanda de Souza Pereira Lopes
Total Authors: 1
Document type: Master's Dissertation
Press: São Paulo.
Institution: Universidade de São Paulo (USP). Escola Politécnica (EP/BC)
Defense date:
Examining board members:
Roseli de Deus Lopes; Wilson Vicente Ruggiero; Valdemar Waingort Setzer
Advisor: Roseli de Deus Lopes
Abstract

As information technology becomes more pervasive in all branches of human activity and remodels the organizational structures to which we are accustomed, the need for fast and secure exchange of information resources between different organizations grows. In this context, an organization's capacity to protect its information resources must be set as one of its most important objectives. Hence the importance of composing and publishing a consistent and ubiquitous corporate security policy that efficiently directs the organization's security management process in accordance with international recommendations and local legislation, reducing the occurrence of security incidents and guaranteeing inter-organizational uniformity in the treatment of information resources. The main objective of this work is to propose a support framework for the security management process, defining an information model that supports a structure of applications that can assist information security teams in their main activities: risk analysis, composition and update of security policies, security auditing, and management of the organization's computer security incident response team. As a proof of concept, we describe the architecture and prototype of one of the constituent applications of the proposed system: an application for composing and maintaining corporate security policies according to international information security standards and current local legislation, using the proposed methodology. The impact of its implementation will also be evaluated through the measurement of the security process metrics presented. (AU)