Abstract
The methodology consists of 5 stages and 5 evaluation criteria, which are formulated and extracted from security and cybersecurity standards and regulations such as NIST 800-61 Rev2, ISO 27035:2012, ITIL V4 and COBIT V4. It is in turn integrated with the maturity model described by CMMI (Capability Maturity Model Integration), together with the reference frameworks for governance and management of information technologies. Each stage has a series of control objectives that make it possible to determine the state of maturity for each of them, and once the methodology has been completed in its entirety, it delivers a diagnosis of the level of maturity. As mentioned above, the methodology is based on good practices and focuses on ISO 27035:2012, because the analysis of the different standards and norms showed that this standard meets the criteria and addresses each of the phases more broadly, such as lessons learned. Likewise, COBIT 4.1 was used because it describes the maturity model for the control objectives under the CMMI methodology, whereas since version 5 of COBIT a new methodology called PAM has been used to measure maturity.