Abstract
Traditionally, information security management standards that list generic means of protection have received a lot of attention in the field of information security management. In the background, a few information security management-oriented maturity standards have been laid down, although the information security community has largely overlooked them. The aim of this study is to analyze the alternative maturity criteria (SSE-CMM, Security Program Maturity Grid, Software Security Metrics) for developing secure IS/software (SW). First, a framework synthesized from the information systems (IS) and software engineering (SE) literatures is advanced. Secondly, the existing information security maturity criteria are examined in the light of this framework. Thirdly, on the basis of the results of this analysis, implications for practice and research are presented.