Open AccessProcess Capability and Maturity in Information Security
Author(s) -
Alpana Kakkar,
Ritu Punhani
Publication year - 2011
Publication title -
iars international research journal
Language(s) - English
Resource type - Journals
eISSN - 2202-2821
pISSN - 1839-6518
DOI - 10.51611/iars.irj.v1i2.2011.13
Subject(s) - maturity (psychological) , information security , process (computing) , computer science , product (mathematics) , computer security , information security management , information security standards , capability maturity model , process management , security information and event management , information security management system , business , risk analysis (engineering) , security service , cloud computing security , mathematics , network security policy , political science , cloud computing , programming language , geometry , software , law , operating system
Information security has been more prominently considered under product approach in which this is considered as a framework of products providing different functionalities or features of information security like information availability, authenticity, non-repudiation, etc. But there is another important view point of information security. This is the Process View of information security in which the information security is considered as a process rather than a product. The process approach provides the benefits of repetitiveness, simplicity, and also statistically measureable and controllable. One can statistically manage the process for its maturity and capability. This white paper talks about understanding the information security as a process and then understanding the concepts of process maturity and capability for Information Security in organizations.