Using SSE-CMM own words, SSE-CMM is "A tool for engineering organizations to evaluate their security engineering practices, a method by which security engineering evaluation organizations can establish confidence in the organizational capability; A standard mechanism for customers to evaluate a provider's security engineering capability", while ISM3 is a standard for security management (how to achieve the organizations mission despite of errors, attacks and accidents with a given budget). They have not the same subject matter.
ISM3
www.ism3.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment