Proceedings of the XXth Conference of Open Innovations Association FRUCT (Apr 2024)
Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controls
Abstract
In the current context of increasing cyber threats to Latin American IT service providers, the cost of data breaches is expected to increase 31% by 2023, which highlights the urgency of strengthening security practices. Therefore, it is proposed to improve maturity in access management, with the development of a model based on ISO/IEC 27001:2022 designed for Peruvian IT service providers. The study consists of three stages: analysis, design and validation. In the first stage, a comparative analysis is made between success factors, cybersecurity aspects, maturity models and access management mechanisms. The second and third stages cover the model building phases according to De Bruin's methodology. In the second phase, the level structure is defined according to CMMI, and in the third phase, the model is validated by experts in the field and deployed in an enterprise in the sector. The results obtained from the validation showed that "understandability", "usefulness and practicality", "accuracy", "comprehensiveness", "sufficiency", "relevance", "usability" and "accuracy" obtained an average rating of 4.6 (agree). Finally, with respect to the implementation of the proposed model, the elimination phase had a maturity index of 0.14, which placed it at an initial maturity level. On the other hand, the other phases exceeded an index of 0.55, placing them in the three highest levels of maturity achievable. In this way, an improvement proposal for the enterprise was made and accepted.
Keywords