ALIGNING INFORMATION SECURITY WITH THE IMAGE OF THE ORGANIZATION AND PRIORITIZATION BASED ON FUZZY LOGIC FOR THE INDUSTRIAL AUTOMATION SECTOR

This paper develops the strategic alignment of organizational behavior through theorganizations′ image, prioritization and information security practices. To this end, informationsecurity is studied based on the business requirements of confidentiality, integrity andavailability by applying a tool which integrates the strategic, tactical and operational visionthrough the following framework: Balanced Scorecard - BSC (strategic) x Control Objectives forInformation and Related Technology - COBIT (tactical) x International Organization forStandardization - ISO/International Electro Technical Commission - IEC27002 (operational).Another image instrument of the organization is applied in parallel with this analysis to identifyand analyze performance involving profiles related to mechanistic, psychic prisons, politicalsystems, instruments of domination, organisms, cybernetics, flux and transformation(MORGAN, 1996). Finally, a model of strategic prioritization, based on compensatory fuzzylogic (ESPIN and VANTI, 2005), is applied. The method was applied to an industrial companylocated in southern Brazil. The results with the application show two organizational images:"organism" and "flux and transformation ". The strategic priorities indicated a significant searchfor new business services and international markets. Regarding protection of information,security found the gap between "minimum" and "Reasonable" and in domain 8 (HR) of standardISO/IEC27002, considered 71% protection as "inappropriate" and "minimal" in the ITGovernance context.