Aplicação da estratégia Primasia visando à segurança da informação em ambiente de Data Centers.

Abstract

The present work presents a study on maturity, with specification and practical application of the Primasia strategy independently, based on ISO 27000 family controls and COBIT maturity levels, aiming at process improvements and prioritization of controls used to maintain and improve safety of information in a data center environment. With the general objective of analyzing the level of maturity of corporate data center environments with respect to information security. The use of participatory action-research methodology was carried out through questionnaires with specialists from the study area based on the Primasia strategy. For the application of the methodology, several maturity models were identified, based on norms and procedures focused on the studied theme. The implementation of these models mostly takes into account all the possible controls defined by the models, which makes it difficult to manage the organizations, define the aspects that are most relevant, and the level of complexity of the controls. The final result of this study is the application of the Primasia strategy independently, creating an independent classification of the most important controls to be applied to the data center environment, ensuring that the most relevant aspects are prioritized with higher scores. It is concluded that within this context, this study made it possible to identify and classify the level of maturity in data center environments, regarding the information security criteria, meeting the main objective of this project that is to analyze the level of maturity of the environments of corporate data centers with regard to information security.