Process Capability and Maturity in Information Security
DOI: https://doi.org/10.51611/iars.irj.v1i2.2011.13
Keywords: Information Security, Process Capability, CMM/CMMi, Software Engineering
Abstract
Information security has most often been considered under a product approach, in which it is treated as a framework of products that provide the different functions or features of information security, such as availability, authenticity, and non-repudiation. But there is another important viewpoint: the process view of information security, in which information security is treated as a process rather than a product. The process approach offers repeatability and simplicity, and it makes security statistically measurable and controllable, so that one can statistically manage the process for its maturity and capability. This white paper discusses how to understand information security as a process, and then the concepts of process maturity and process capability for information security in organizations.
License
Copyright (c) 2011 Alpana Kakkar, Ritu Punhani
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors hold complete rights to the content of this article. Copyright of the content is governed by the Copyright Policy of the Journal.