SAMM / Applying the Model - v1.0

...rate improvement through iterations of developing an assurance program. And most importantly, an organization can use SAMM roadmap templates to guide the build-out or improvement of a security assurance initiative.

Using the Maturity Levels

Each of the twelve Security Practices has three Maturity Levels. Each Level has several components that specify the critical factors for understanding and achieving the stated Level. Beyond that, these prescriptive details make it possible to use the definitions of the Security Practices even outside the context of using SAMM to build a software assurance program.

Objective

The Objective is a general statement that captures the assurance goal of attaining the associated Level. As the Levels increase for a given Practice, the Objectives characterize more sophisticated goals in terms of building assurance for software development and deployment.

Personnel

These properties of a Level indicate the estimated ongoing overhead in terms of human resources for operating at the given Level.

✦ Developers - Individuals performing detailed design and implementation of the software
✦ Architects - Individuals performing high-level design work and large-scale system engineering
✦ Managers - Individuals performing day-to-day management of development staff
✦ QA Testers - Individuals performing quality assurance testing and prerelease verification of software
✦ Security Auditors - Individuals with technical security knowledge related to the software being produced
✦ Business Owners - Individuals performing key decision making on software and its business requirements
✦ Support Operations - Individuals performing customer support or direct technical operations support

Activities

The Activities are core requisites for attaining the Level. Some are meant to be performed organization-wide and some correspond to actions for individual project teams. In either case, the Activities capture the core security function, and organizations are free to determine how they fulfill the Activities.

Results

The Results characterize capabilities and deliverables obtained by achieving the given Level. In some cases these are specified concretely; in others, a more qualitative statement is made about increased capability.

Success Metrics

The Success Metrics specify example measurements that can be used to check whether an organization is performing at the given Level. Data collection and management is left to the choice of each organization, but recommended data sources and thresholds are provided.

Costs

The Costs are qualitative statements about the expenses incurred by an organization attaining the given Level. While specific values will vary for each organization, these are meant to provide an idea of the one-time and ongoing costs associated with operating at a particular Level.

Related Levels

The Related Levels are references to Levels within other Practices that have some potential...