Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

White Paper

It’s a Nice Idea but How Do We Get Anyone to Practice It? A Staged Model for Increasing Organizational Capability in Software Assurance

  • Abstract

    This article presents a standard approach to increasing the security capability of a typical IT function. This five level model involves the development of a common set of security best practices, which are then deployed in a staged fashion to leverage an optimal security capability across the organization. At the lowest level the organization will have minimal assurance of security capability. At the highest level the organization can be trusted to produce products and provide services that are both dependable and secure. The article presents the practices and the maturity framework. It also discusses the practical mechanisms for implementing this model in a real world setting.

  • Download