Abstract

Traditionally, information security management standards that list generic means of protection have received a lot of attention in the field of information security management. In the background, a few information security management-oriented maturity standards have been laid down, although they have been largely overlooked by the information security community. The aim of this study is to analyze the alternative maturity criteria (SSE-CMM, Security Program Maturity Grid, Software Security Metrics) for developing secure IS/software (SW). First, a framework synthesized from the information systems (IS) and software engineering (SE) literatures is advanced. Second, the existing information security maturity criteria are examined in the light of this framework. Third, on the basis of the results of this analysis, implications for practice and research are presented.
