Security, Standard, Compliance


Adoption of ISO 27001 is growing worldwide, motivated primarily by the need for compliance and as a way of improving how organizations manage their assets and risks. Establishing and maintaining an Information Security Management System (ISMS) that is effective and adds value poses many challenges. However, studies of these challenges in Brazilian organizations are scarce. This article identifies and analyzes some of the challenges faced in establishing and maintaining an ISMS in the Brazilian context, using the multiple case study method. Obstacles such as lack of management support, lack of training in the information security area, the influence of local culture, failures in risk analysis, and resistance to change were systematically identified.


This paper is in Portuguese (Análise dos Desafios para Estabelecer e Manter Sistema de Gestão de Segurança da Informação no Cenário Brasileiro).