It's a Nice Idea but How Do We Get Anyone to Practice It? A Staged Model for Increasing Organizational Capability in Software Assurance

Abstract

This article presents a standard approach to increasing the security capability of a typical IT function. The five-level model involves developing a common set of security best practices, which are then deployed in stages to build security capability across the organization. At the lowest level the organization has minimal assurance of its security capability. At the highest level the organization can be trusted to produce products and provide services that are both dependable and secure. The article presents the practices and the maturity framework, and it discusses the practical mechanisms for implementing the model in a real-world setting.

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2009
Accession Number
AD1147152

Entities

People

  • Dan Shoemaker

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Human Systems

DTIC Thesaurus Topics

  • Accountability
  • Acquisition
  • Best Practices
  • Commerce
  • Department Of Defense
  • Education
  • Engineering
  • Executives
  • Guarantees
  • Homeland Security
  • Human Behavior
  • Motivation
  • Security
  • Software Assurance
  • Software Development
  • Standards
  • Training
  • United States

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Operations Research
  • Systems Analysis and Design