Prioritization Strategy for Measures in the Brazilian Security Framework
Abstract
This article presents the actions of the Brazilian government to build a sustainable model for addressing information security, data protection, and privacy. It also presents the leading agencies involved, their responsibilities, and the transversality of their actions within these themes. A national framework is presented that aims to ensure compliance and assess the maturity of the federal administration in these themes, while promoting a culture around these issues and complying with national and international regulations and best practices. In addition, the Analytic Hierarchy Process (AHP) method is applied to a set of controls of the Brazilian framework to obtain priority measures for these controls. The results demonstrate the importance of correct and efficient judgment in defining and prioritizing the measures that institutions implement in each control.
Published
20/07/2025
How to Cite
SOUSA, Marco Antonio Firmino de; SILVA, Douglas Chagas da; SOARES, Heder Dorneles. Prioritization Strategy for Measures in the Brazilian Security Framework. In: LATIN AMERICAN SYMPOSIUM ON DIGITAL GOVERNMENT (LASDIGOV), 12., 2025, Maceió/AL. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 261-272. ISSN 2763-8723. DOI: https://doi.org/10.5753/lasdigov.2025.9349.
