Modelo de evaluación madurez de gestión de seguridad de la información en centros de datos Information Security Assessment Model for Data Centers

Information security (IS) has gone from being used purely for government classified data protection purposes in military matters, to becoming an asset of vital importance for organizations in any economic sector. The objective of this study is to evaluate the maturity of information security in data centers. For this, the controls of the ISO27002 and NIST 800-53 r5 standards that apply to the aforementioned objective were analyzed, with the selected controls an instrument consisting of 80 items was obtained, distributed in Organizational Aspects of Information Security (9), Access Control (20), Physical and Environmental Security (28), Operational Security (14), Telecommunications Security (9).

On the other hand, to evaluate the level of maturity, the study "A methodology of multiple perspectives for the evaluation of the Security Maturity of data centers" was taken as a reference, where 3 analyzes are carried out (traditional, weighted and contextual) with the objective of customizing the instrument to the needs of the organization considering the weighting and relevance that the auditee assigns to each control. With the results obtained, both perspectives and their relevance relationship for the company where the instrument will be applied will be analyzed, given that the auditee will grant relevance to the controls and avoid breaches in information security.