What is SSE-CMM in information security?

The SSE-CMM is a process reference model. It concentrates on the requirements for implementing security in a system or sequence of connected systems that are the Information. The SSE-CMM is a general framework for implementing security engineering inside an organization, if possible in conjunction with some manufacturing CMMs.

SSE-CMM defines the goals and the activities contained in such processes, what is achieved from implementing these activities, and the maturity of the process. SSE-CMM does not prescribe a specific methodology or process to be used; its utility lies in integrating the organization's current processes with those contained in the model.

Moreover, depending on each organization's objectives and goals, some processes within SSE-CMM may not be applicable in certain contexts. For this reason, organizations should carefully study the relationships among the practices within the model to decide which apply to their needs.

The SSE-CMM model is divided into two different but inter-related areas, or dimensions: domain and capability. Different process areas and activities are defined for both. The domain-related practices are directed towards the security domain, while the capability practices are more general and apply to a broad range of domains. The capability dimension defines practices that denote process management and institutionalization of capability.

SSE-CMM builds on the work of Deming, much as other CMMs have done, concentrating on process definition and improvement as a core value.

SSE-CMM looks at the occurrence of security defects, or incidents, and calls for identifying the flaw in the related process so that the flaw can be remediated, thereby eliminating the overall fault. To attain improvements in processes, those processes should be predictable, with expected outcomes. Moreover, controls should be defined and understood around those processes.

SSE-CMM is a complex, well-tested architecture for incorporation into an engineering-oriented organization. If the organization performs engineering, such as through product development, then use of SSE-CMM, generally in combination with other CMMs, would be very valuable.

SSE-CMM is not the best match for service organizations that do not perform an engineering function. While SSE-CMM surely has key lessons to teach about managing information security holistically, those lessons will be difficult to apply outside of an engineering context.

The CMM approach is very sound, yet very foreign to American business culture. It is believed to begin with a statistical analysis of processes, and then to use those statistics to isolate defects inside those processes, toward the end objective of gaining improved insight into processes and fostering an environment of continuous quality improvement for those processes.

Updated on 08-Mar-2022 06:18:06