Page 165 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Unit 11: Security Models & Frameworks and Methodologies for Information System Security




          to isolated defects within those processes, toward the end goal of gaining improved insight into
          processes and of fostering an environment of continuous quality improvement with respect to
          processes.
          Even if an engineering organization has begun on a non-CMM path (such as Six Sigma), the
          SSE-CMM can still offer value to the organization.


                Example: Six Sigma is a non-CMM path.


             Caution: For organizations that are already leveraging a CMM approach, adding the
             SSE-CMM to the mix should be relatively straightforward and can yield traceable results
             within a short period of time.

          Self Assessment

          Fill in the blanks:
          6.   A ......................... is a defined supporting structure in which another software project can be
               organized and developed.
          7.   The purpose of ......................... is to specify “the requirements for establishing, implementing,
               operating, monitoring, reviewing, maintaining and improving a documented ISMS within
               the context of the organization’s overall business risks.”
          8.   The ......................... Framework offers a tool for the business process owner that facilitates
               the discharge of business process responsibilities.
          9.   ......................... is defined as a process reference model that is focused on the
               requirements for implementing security in a system or series of related systems that are the
               Information.
          10.  The SSE-CMM is a common framework for performing ......................... engineering within
               an organization.

          11.4 Methodologies for Information System Security

          Having defined high-level and mid-level constructs, it is reasonable to look for a low-level
          construct that can be used to describe those techniques that go into specific detail for
          implementation within a focused area. In software engineering and project management, a
          methodology is a codified set of recommended practices, sometimes accompanied by training
          materials, formal educational programs, worksheets, and diagramming tools.
          A methodology is a targeted construct that defines specific practices, procedures, and rules for
          the accomplishment or execution of a particular task or function.
          The following seven methods have been identified as providing specific direction toward the
          implementation or execution of a specific task. Each method is classified as a methodology.

          11.4.1 INFOSEC Assessment Methodology (IAM)


          Its purpose is to offer a method that “can be used as a consistent baseline for the analysis of
          the INFOSEC posture of automated information systems.” The IAM is focused on providing a
          high-level assessment of “a specified, operational system for the purpose of identifying potential
          vulnerabilities.”



                                           LOVELY PROFESSIONAL UNIVERSITY                                   159