Maturity criteria for developing secure is and SW limits, and prospects

Abstract

Traditionally, infonnation security management standards listing generic means of protection have received a lot of attention in the field of infonnation security management. In the background a few information security management-oriented maturity standards have been laid down, albeit they have been elided by the information security community in great measure. The aim of this study is to analyze the alternative maturity criteria-SSE-CMM, Security Program Maturity Grid, Software Security Metrics-for developing secure IS/software (SW). First, a framework synthesized from the information systems (IS) and software engineering (SE) literatures is advanced. Secondly, the existing infonnation security maturity criteria are pored over in the light of this framework. Thirdly, on the basis of results of this analysis, implications for practice and research are presented.