Security Process Maturity: Level 3<script type="text/javascript" src="http://www.blogger.com/static/v1/common/js/1499043574-csitaillib.js"></script> <script>if (typeof(window.attachCsiOnload) != 'undefined' && window.attachCsiOnload != null) { window.attachCsiOnload('ext

by Steven McElwee

The third level of ISM³ requires significant investment, but it provides a high level of protection against technical security threats. This level is important for organizations that have high security risks and many critical assets, especially externally facing applications.

The jump from level two to level three does not add many processes, but the processes require more people and time commitment. In addition, these processes require more participation from business function owners, IT operations, project management, and software development. To achieve this level, your security staff will need skills to create a collaborative, participative environment.

The level three operational security processes are:

Asset classification and management
SDLC control
Operations continuity management
Incident response
Incident emulation

The level 3 processes build on the previous levels. Building a solid foundation at levels one and two before tackling level 3 will provide broad security coverage of systems, processes, and people.

Labels: Security Process

1.30.2008

Security Process Maturity: Level 3

0 Comments:

Links to this post:

Categories

Get Updates

Previous Posts