Proposal of a Multi-standard Model for Measuring Maturity Business Levels with Reference to Information Security Standards and Controls
Abstract
Continuous information security risks force organizations to constantly update their security protocols. This implies, among other things, basing their monitoring mainly on their own maturity status in the SGSI (Information Security Management System). When a Chief Information Security Officer draws up a protection plan for IT assets, a wide and varied range of threats must be considered. These tasks are executed using conceptual models, which do not usually work in an integrated and systematic way. Thus, these models seek to increase maturity levels for protecting and safeguarding information security. Among the most common [1], we find COBIT 5, CSE-CMM, NIST-CRST, to which we add security standards like OWASP, ISO 27000-1, SANS. From this, it is possible to see the lack of a multi-standard model that systematically integrates the individual actions with the expected results. The present project proposes an integrated model that links and blends, on the one hand, the security standards and, on the other hand, the measurements of the organization's maturity levels. By doing this, it is possible to have a set of relevant actions, classified by evaluation categories, which provide conditions for crossing regulations and standardized controls. This finally makes it possible to explore how efficient these acquired measures are and, when needed, the corrections that should be introduced.
More information
| Title according to WOS: | Proposal of a Multi-standard Model for Measuring Maturity Business Levels with Reference to Information Security Standards and Controls |
| Title according to SCOPUS: | Proposal of a multi-standard model for measuring maturity business levels with reference to information security standards and controls |
| Journal title: | Advances in Intelligent Systems and Computing |
| Volume: | 1243 |
| Publisher: | Springer |
| Publication date: | 2021 |
| Last page: | 132 |
| Language: | English |
| DOI: | 10.1007/978-3-030-53651-0_10 |
| Notes: | ISI, SCOPUS |