Civil Servers Of The TJTO Complete Course On Safety And Risk Management

The Superior School of the Judges of the State of Tocantins (ESMAT) closed on Tuesday (Dec 2nd), the course on "Response to security incidents and risk management", conducted in person at the headquarters of the institution. The training brought together civil servers of strategic areas of the Court of Justice of the State of Tocantins (TJTO), such as Presidency, Directorate of Information Technology (DTINF), Information Security Advisory (ASEGI), Coordination of Strategic Management, Statistics and Projects (Coges), Esmat, Risk Management Committee and IT Advisory of the General Internal Affairs. 

With a class load of 16 hours, distributed on December 1st and 2nd, the course aimed to train civil servers in Information Security, Risk Management and Incident Response, with theoretical and practical focus on prevention actions, Detection and reaction to attacks in physical and electronic environments. 

The proposal, taught by Doctor Professor Cleórbete Santos, used material based on national and international standards in real cases of public bodies and private companies, aligning training to the guidelines of the National Council of Justice (CNJ) and the Risk Management Manual of the TJTO.

Throughout the activities, participants studied principles of information security, encryption, malware, social engineering, "zero trust" architecture, security in web applications and risk management frameworks such as ISO 31000, ISO/IEC 27005 and the NIST Cybersecurity Framework. Also worked concepts of appetite and risk tolerance, risk matrix, registration of risks, qualitative and quantitative analysis, as well as techniques for identification and treatment of risks in the corporate environment. 

The second part of the programming was dedicated to the responding to security incidents, including policies and response plans, operation of CSIRT/CIRT teams, classification and prioritization of incidents, containment strategies, preservation of evidence, digital forensic analysis and preparation of post-incident reports, with emphasis on the impacts of the General Data Protection Law (LGPD) in situations of information leakage or compromise.