A multi-perspective methodology for evaluating the security maturity of data centers

摘要

Threats to information security can have great impact on business finances and company's reputation. Traditional methodologies for evaluating the maturity of data centers investigate security parameters to determine the compliance of data centers and international security norms. This paper proposes two innovative evaluation procedures to capture other security perspectives on data center environments: (1) weighted analysis - it weights higher security controls simultaneously present in a higher number of norms; (2) it is sensitive to the importance level that the organization assigns to each security control. Through the proposed methodology, security engineers can identify security issues, characterize the security maturity, and suggest new policies improve security configurations of data centers. This paper also includes a case study to evaluate the benefits of the methodology in real-world scenarios. Results demonstrated that the proposed methodology evaluates higher the security elements more relevant for the company, where as traditional approaches consider all security aspects to be equally important.