Assessing risk begins with baselining, establishing a current state to get to the desired state.  Progress is measured by meeting milestones and objectives, i.e. a maturing process.  For example,  the capability maturity model has the following framework:

  1. Initial informal
  2. Documented Strategy & Principles – formalizing
  3. Adaptive Security Architecture well defined
  4. Security Organization & Roadmap – optimized
  5. Baseline Security Standards quantitatively controlled

Give examples of risk at the level of these categories and how each level mitigates risks from the previous level? 

Leave a Comment

Your email address will not be published. Required fields are marked *