Process Capability and Maturity in Information Security

Authors

  • Alpana Kakkar Amity University, Noida - INDIA
  • Ritu Punhani Amity University, Noida, INDIA

DOI:

https://doi.org/10.51611/iars.irj.v1i2.2011.13

Keywords:

Information Security, Process Capability, CMM/CMMi, Software Engineering

Abstract

Information security has more prominently been considered under a product approach, in which it is treated as a framework of products providing different functionalities or features of information security, such as information availability, authenticity, non-repudiation, etc. But there is another important viewpoint on information security: the process view, in which information security is considered a process rather than a product. The process approach offers the benefits of repeatability and simplicity, and the process is also statistically measurable and controllable. One can statistically manage the process for its maturity and capability. This white paper discusses understanding information security as a process, and then the concepts of process maturity and capability for information security in organizations.

Author Biography

  • Ritu Punhani, Amity University, Noida, INDIA

    Assistant Professor,
    Computer Science and Information Technology,
    Amity University, Noida,
    U.P., 201301, INDIA


Published

2011-08-29

Issue

Section

Peer Reviewed Research Manuscript

How to Cite

“Process Capability and Maturity in Information Security” (2011) IARS’ International Research Journal, 1(2). doi:10.51611/iars.irj.v1i2.2011.13.
