CMMI.pptx
• The initial steps of a simplified Agile approach to initiate an enterprise
security architecture program are
The Capability Maturity Model Integration
(CMMI)
The Capability Maturity Model Integration (CMMI) is a process and
behavioral model that helps organizations streamline process
improvement and encourage productive, efficient behaviors that
decrease risk in software, product, and service development.
CMMI Maturity Levels
• Maturity Level 0 – Incomplete:
  Goals have not been established at this point, and processes are only
  partly formed or do not meet the organization's needs.
• Maturity Level 1 – Initial:
  Processes are viewed as unpredictable and reactive. At this stage,
  “work gets completed but it’s often delayed and over budget.”
• Maturity Level 2 – Managed:
  A level of project management has been achieved. Projects are
  “planned, performed, measured and controlled” at this level, but there
  are still many issues to address.
• Maturity Level 3 – Defined:
  There is a set of “organization-wide standards” that “provide guidance across
  projects, programs and portfolios.” The organization understands its
  shortcomings, how to address them, and what the goal of improvement is.
• Maturity Level 4 – Quantitatively Managed:
  This stage is more measured and controlled. The organization works from
  quantitative data to build predictable processes that align with
  stakeholder needs. It stays ahead of risks, with data-driven insight
  into process deficiencies.
• Maturity Level 5 – Optimizing:
  Here, an organization’s processes are stable and flexible. At this final
  stage, the organization is in a constant state of improving and responding
  to changes and other opportunities. That stability allows for more
  “agility and innovation” in a predictable environment.
• A maturity level can be assessed in this way for each control in the
  security architecture. Depending on the architecture, there may be more
  or fewer controls than the examples listed here.
• Some example controls are:
  • Procedural controls
    • Risk management framework
    • User awareness
    • Security governance
    • Security policies and standards
  • Operational controls
    • Asset management
    • Incident management
    • Vulnerability management
    • Change management
    • Access controls
    • Event management and monitoring
  • Application controls
    • Application security platform (web application firewall [WAF], SIEM, advanced persistent threat [APT] security)
    • Data security platform (encryption, email, database activity monitoring [DAM], data loss prevention [DLP])
    • Access management (identity management [IDM], single sign-on [SSO])
  • Endpoint controls
    • Host security (AV, host intrusion prevention system [HIPS], patch management, configuration and vulnerability management)
    • Mobile security (bring your own device [BYOD], mobile device management [MDM], network access control [NAC])
    • Authentication (authentication, authorization, and accounting [AAA], two-factor authentication, privileged identity management [PIM])
  • Infrastructure controls
    • Distributed denial of service (DDoS) protection, firewall, intrusion prevention system (IPS), VPN, web, email, wireless, DLP, etc.
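The deck states that a maturity level can be identified for each control in the architecture but does not show how the per-control scores are rolled up. The script below is an added example, not code from the original slides or from CMMI itself: it encodes the deck's control catalogue as data, validates every score against the 0–5 scale, rolls each domain up with a weakest-link rule (a domain is only as mature as its least mature control, treating an unassessed control as level 0), and produces a gap list against a target level sorted largest gap first. The weakest-link rule, the target of level 3 for every domain, the control name "Perimeter and network security" (standing in for the infrastructure list), and all assessed scores are assumptions of this example, constructed for illustration.

```python
"""Control-maturity assessment for an enterprise security architecture.

Added example, not code from the original deck. Scores each control in the
deck's catalogue on the CMMI 0-5 scale and reports, per control domain, the
weakest control and the gap to a target level. The assessed and target
levels are constructed sample data; the weakest-link roll-up is an
assumption of this example, not something CMMI itself prescribes.
"""
from dataclasses import dataclass

LEVEL_NAMES = {
    0: "Incomplete",
    1: "Initial",
    2: "Managed",
    3: "Defined",
    4: "Quantitatively managed",
    5: "Optimizing",
}

# Control catalogue as listed in the deck (domain -> controls).
# "Perimeter and network security" is an assumed name grouping the
# infrastructure controls (DDoS protection, firewall, IPS, VPN, ...).
CATALOGUE = {
    "Procedural": ["Risk management framework", "User awareness",
                   "Security governance", "Security policies and standards"],
    "Operational": ["Asset management", "Incident management",
                    "Vulnerability management", "Change management",
                    "Access controls", "Event management and monitoring"],
    "Application": ["Application security platform", "Data security platform",
                    "Access management"],
    "Endpoint": ["Host security", "Mobile security", "Authentication"],
    "Infrastructure": ["Perimeter and network security"],
}


@dataclass(frozen=True)
class Gap:
    domain: str
    control: str
    current: int
    target: int

    @property
    def size(self) -> int:
        return self.target - self.current


def validate_level(level: int) -> int:
    """Reject anything outside the 0-5 scale (e.g. a mistyped 6 or -1)."""
    if not isinstance(level, int) or level < 0 or level > 5:
        raise ValueError(f"maturity level must be an integer 0-5, got {level!r}")
    return level


def domain_maturity(assessment: dict[str, int], domain: str) -> int:
    """Weakest-link rule (assumption): a domain is as mature as its least
    mature control. A catalogued control missing from the assessment counts
    as level 0 (Incomplete), because it was never assessed."""
    return min(validate_level(assessment.get(c, 0)) for c in CATALOGUE[domain])


def gap_report(assessment: dict[str, int], targets: dict[str, int]) -> list[Gap]:
    """Every control below its domain's target, largest gap first,
    then by domain and control name so the order is stable."""
    gaps = []
    for domain, controls in CATALOGUE.items():
        target = validate_level(targets[domain])
        for control in controls:
            current = validate_level(assessment.get(control, 0))
            if current < target:
                gaps.append(Gap(domain, control, current, target))
    return sorted(gaps, key=lambda g: (-g.size, g.domain, g.control))


# Constructed sample assessment: results of a fictional review.
SAMPLE_ASSESSMENT = {
    "Risk management framework": 3, "User awareness": 2,
    "Security governance": 3, "Security policies and standards": 3,
    "Asset management": 1, "Incident management": 3,
    "Vulnerability management": 2, "Change management": 3,
    "Access controls": 2, "Event management and monitoring": 2,
    "Application security platform": 2, "Data security platform": 1,
    "Access management": 3,
    "Host security": 3, "Mobile security": 2,  # "Authentication" never assessed
    "Perimeter and network security": 4,
}
# Constructed target: every domain at least Defined (level 3).
SAMPLE_TARGETS = {domain: 3 for domain in CATALOGUE}

if __name__ == "__main__":
    for domain in CATALOGUE:
        lvl = domain_maturity(SAMPLE_ASSESSMENT, domain)
        print(f"{domain:15} level {lvl} ({LEVEL_NAMES[lvl]})")
    print("\nGaps, largest first:")
    for g in gap_report(SAMPLE_ASSESSMENT, SAMPLE_TARGETS):
        print(f"  -{g.size} {g.domain}/{g.control}: {g.current} -> {g.target}")
```

Running the script shows why the weakest-link roll-up matters: the Endpoint domain lands at level 0 even though two of its three controls score 2 or 3, because "Authentication" was never assessed, and that unassessed control tops the gap list. The alternative of averaging scores would hide exactly that kind of blind spot.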
