Premium
EXPERIENCE WITH THE SYSTEMS SECURITY ENGINEERING CAPABILITY MATURITY MODEL
Author(s) -
Hefner Rick,
Monroe Warren,
Hsiao David
Publication year - 1996
Publication title -
incose international symposium
Language(s) - English
Resource type - Journals
ISSN - 2334-5837
DOI - 10.1002/j.2334-5837.1996.tb02124.x
Subject(s) - capability maturity model , maturity (psychological) , security engineering , context (archaeology) , process (computing) , engineering management , government (linguistics) , computer science , process management , software security assurance , engineering , systems engineering , information security , computer security , security service , psychology , paleontology , developmental psychology , linguistics , philosophy , software , biology , programming language , operating system
The Systems Security Engineering Capability Maturity Model (SSE‐CMM) is a tool for appraising and improving an organization's security engineering practices, and for augmenting existing assurance methods. The SSE‐CMM was developed through a government‐industry collaboration involving the nation's leading providers of security systems, products, and services. It does not specify how a particular process should be performed, but identifies practices generally accepted by industry. The SSE‐CMM can also be used to examine the practice of security engineering within the context of systems engineering. This paper describes the principles upon which the SSE‐CMM is based, the structure of the model, and its use in appraisals. Issues in model development, application, and adoption are presented.