ISO/IEC 21827
ISO/IEC 21827:2002(E)

6.4 Summary Chart

This chart represents the model at a high level of abstraction. The practitioner is cautioned that each process area consists of a number of base practices, which are described in detail in Clause 7 and Annex B. Also, each common feature consists of a number of generic practices, which are described in detail in Annex A.
[Figure 7 is a grid relating the common features (rows, ordered by capability level) to the process areas (columns). Only the row and column labels survive extraction; they are listed below.]

Common Features (rows):
  1.1 Base Practices Are Performed
  2.1 Planned Performance
  2.2 Disciplined Performance
  2.3 Verifying Performance
  2.4 Tracking Performance
  3.1 Defining a Standard Process
  3.2 Perform the Defined Process
  3.3 Coordinate Practices
  4.1 Establish Measurable Quality Goals
  4.2 Objectively Managing Performance
  5.1 Improving Organizational Capability
  5.2 Improving Process Effectiveness

Process Areas (columns):

  Security Engineering Process Areas:
    PA01 – Administer Security Controls
    PA02 – Assess Impact
    PA03 – Assess Security Risk
    PA04 – Assess Threat
    PA05 – Assess Vulnerability
    PA06 – Build Assurance Argument
    PA07 – Coordinate Security
    PA08 – Monitor Security Posture
    PA09 – Provide Security Input
    PA10 – Specify Security Needs
    PA11 – Verify and Validate Security

  Project and Organizational Process Areas:
    PA12 – Ensure Quality
    PA13 – Manage Configuration
    PA14 – Manage Project Risk
    PA15 – Monitor and Control Technical Effort
    PA16 – Plan Technical Effort
    PA17 – Define Organization's Systems Engineering Process
    PA18 – Improve Organization's Systems Engineering Processes
    PA19 – Manage Product Line Evolution
    PA20 – Manage Systems Engineering Support Environment
    PA21 – Provide Ongoing Skills and Knowledge
    PA22 – Coordinate with Suppliers

Figure 7 - Summary of Process Areas and Common Features relationships
7 Security Base Practices

This clause contains the base practices, that is, the practices considered essential to the conduct of basic security engineering. Note that the process areas are numbered in no particular order, since the SSE-CMM® does not prescribe a specific process or sequence.

An organization can be assessed against any single process area or any combination of process areas. The process areas together, however, are intended to cover all base practices for security engineering, and there are many inter-relationships between the process areas. At present, the SSE-CMM® comprises 11 security process areas, each
20 © ISO/IEC 2002 – All rights reserved