Security Process Maturity: Level 4

by Steven McElwee, CISSP

Level four of ISM³ adds the remaining security processes in the model. This level requires the highest investment, but provides the highest level of protection against technical and internal threats. The security processes in this level are necessary if your organization operates in a highly regulated environments with information assets that are targets for attackers. Examples include stock exchanges, financial institutions, and utilities.

The operational security processes for level 4 are:

• Enhanced reliability and availability management
• Information archiving
• Information quality and compliance probing
• Events detection and analysis
• Forensics

If level four fills in the remaining security processes, what's left for level five? Tomorrow's post will move us from managing security processes to measuring and continuously improving them.