The Systems Security Engineering Capability Maturity Model

An alternative approach to evaluating assurance is built on the capability maturity model (CMM) paradigm, which is a five-level model of increasingly mature processes and continuous improvement. The CMM originated in the Carnegie Mellon Software Engineering Institute (SEI) under the auspices of the U.S. Department of Defense (DoD).

The Systems Security Engineering Capability Maturity Model (SSE-CMM; copyright 1999 by the Systems Security Engineering Capability Maturity Model [SSE-CMM] Project) is based on the premise that if you can guarantee the quality of the processes that are used by an organization, then you can guarantee the quality of the products and services generated by those processes. It was developed by a consortium of government and industry experts and is now under the auspices of the International Systems Security Engineering Association (ISSEA) at www.issea.org. The SSE-CMM (www.sse-cmm.org/) makes the following salient points:

  • Describes those characteristics of security engineering processes essential to ensure good security engineering
  • Captures industry's best practices
  • Is an accepted way of defining practices and improving capability
  • Provides measures of growth in capability of applying processes

The SSE-CMM addresses the following areas of security:

  • Operations security
  • Information security
  • Network security
  • Physical security
  • Personnel security
  • Administrative security
  • Communications security
  • Emanations security ...
