This document includes a capability maturity model that can be used to evaluate an organization’s enterprise security practices. In this process, the OPTIMIZING phase shows that functional teams analyze problems to determine their root causes, removing any errors or faults and improving information technology (IT) management effectiveness. This is a primary focus at this stage.
The capability maturity model describes a maturity curve on these capability levels: INITIAL, which describes a poorly aligned function with non-documented strategies, manual management processes, lack of integrated systems and heavy reliance on spreadsheets/manual documents; REPEATABLE, which describes a loosely aligned function supported by informal policies applied to processes performed by personnel with mixed skill levels; DEFINED, which describes a strategic management structure in place with well-defined processes supported by an organized and highly trained team; MANAGED, which describes a function aligned with the organizational strategic plan and personnel; and OPTIMIZING, which describes a management process performed at an optimal level with best practices in full use.
The Capability Maturity Model (CMM) is a framework that describes an improvement path from an ad hoc, immature process to a mature, disciplined process focused on continuous improvement. The CMM defines the state of a process using a common language that is based on the Carnegie Mellon Software Engineering Institute Capability Maturity Model.