Systems Security Engineering Capability Maturity Model with Support of Simulation and Knowledge Management

Danijela Bambir, Željko Hutinski, Vesna Dušak: Systems Security Engineering Capability Maturity Model with Support of Simulation and Knowledge Management
CECIIS conference, 24-26.9 2008

Abstract:
With the increasing reliance of society on information, the protection of that information and related system is becoming extremely relevant. Because of that, security engineering expanded its domain to many areas like financial transactions, contractual agreements, personal information and the Internet. Therefore, then appeared a need for appropriate methods and practices required by various participants in security engineering process. As a result, SSE-CMM was developed, describing the essential characteristics of an organization’s security engineering process. The model consists of five capability levels that address different maturity stages. In this paper it is shown that simulation and knowledge management can be used to support improvement at all five levels of the SSE-CMM. Simulation and KM capabilities at each SSE-CMM level build upon the capabilities of the preceding levels, and match the needs of the security engineering practices at that capability level.

Keywords: SSE-CMM, simulation, knowledge management