Assessing risk begins with baselining: establishing the current state so that a path to the desired state can be defined. Progress is then measured by meeting milestones and objectives, i.e. by maturing the process. For example, the capability maturity model has the following framework:
- Initial – informal
- Documented Strategy & Principles – formalizing
- Adaptive Security Architecture – well defined
- Security Organization & Roadmap – optimized
- Baseline Security Standards – quantitatively controlled
Give examples of risk at each of these levels, and explain how each level mitigates the risks that remain at the previous level.