

Wednesday, July 25, 2007

SSE-CMM (ISO21287) is a maturity standard for security. What need is there for another one?

In SSE-CMM's own words, SSE-CMM is "A tool for engineering organizations to evaluate their security engineering practices, a method by which security engineering evaluation organizations can establish confidence in the organizational capability; A standard mechanism for customers to evaluate a provider's security engineering capability", while ISM3 is a standard for security management (how to achieve the organization's mission despite errors, attacks and accidents with a given budget). They do not have the same subject matter.

