Traditionally, infonnation security management standards listing generic means of protection have received a lot of attention in the field of infonnation security management. In the background a few information security management-oriented maturity standards have been laid down, albeit they have been elided by the information security community in great measure. The aim of this study is to analyze the alternative maturity criteria-SSE-CMM, Security Program Maturity Grid, Software Security Metrics-for developing secure IS/software (SW). First, a framework synthesized from the information systems (IS) and software engineering (SE) literatures is advanced. Secondly, the existing infonnation security maturity criteria are pored over in the light of this framework. Thirdly, on the basis of results of this analysis, implications for practice and research are presented.
CITATION STYLE
Siponen, M. T. (2002). Maturity criteria for developing secure is and SW limits, and prospects. In IFIP Advances in Information and Communication Technology (Vol. 86, pp. 91–108). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-0-387-35586-3_7
Mendeley helps you to discover research relevant for your work.