CMMI Consultant Blog

CMMI Frequently Asked Questions and their responses from CMMI Consultant(s)

  • Home
  • CMMI FAQ
  • CMMI Services
  • About Rajendra Khare
  • « Go to Parent Site – DQSIndia.com

Search CMMI Consultant Blog




What is Security by Design with CMMI for Development?

Information Security 0


20th February, 2015

CMMI Institute released a guide for improving processes for secure products with the name of Security by Design with CMMI for Development, Version 1.3. It was a constant need to develop and deliver secure applications but the processes in the organizations that were developed based on CMMI for Development Models were only concerned with SDLC Best Practices and were not having Security Related best practices. Keeping in view the need of the industry CMMI Institute developed this application guide.

This application guide provides guidance on improving the existing processes with security components. Application guide define a set of 04 additional process areas (PA) for CMMI for Development, Version 1.3 and these PAs integrate seamlessly with existing Process Management, Project Management, and Engineering process area categories of CMMI-DEV.

Overview of these four process areas with security best practices is given below:

  1. Organizational Preparedness for Secure Development (OPSD): The purpose of this process area is to establish and maintain capabilities at organizational level to develop secure products. It also covers management of reported vulnerabilities.
  2. Security Management in Projects (SMP): The purpose of this process area is to establish, identify, plan, and manage security-related activities across the project lifecycle. It also covers the management of security risks related to product.
  3. Security Requirements and Technical Solution (SRTS): The purpose of this process area is to set security requirements in the project. It also focuses on the secure design. This helps in ensuring the implementation of a secure product.
  4. Security Verification and Validation (SVV): This process area helps in ensuring that the selected work products meet their specified security requirements. It also helps in demonstrating that the product or product component fulfills the security expectations when placed in its intended operational environment.

With these processes areas Organization, Project Managers, Process Improvement Professionals and Security Experts can be sure of the security implementation in the products. These process areas can be used to check the Security implementation based on the Specific Practices defined in these process areas.

Share this:

  • Click to email this to a friend (Opens in new window)
  • Click to print (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Reddit (Opens in new window)

Like this:

Like Loading...

Related

You may also like to browse following posts

  • CMMI Institute upcoming Webinar – Considering Security with CMMI-DEV & CMMI-SVC
  • CMMI Implementation and Information Security
  • What are the ways to interest Senior Management in the CMMI Implementation Program or How to win the senior management to sponsor CMMI in the organization?
  • Information security attacks that would matter in year 2014
  • Patient Data and Information Security

Published by CMMI Consultant


cmmi, cmmi implementation, Information Security



Previous Post

Changes in SCAMPI MDD V1.3b

Next Post

As a CMMI Consultant, during CMMI consulting assignment, you may be asked about the benefits of CMMI related to Improvement in Schedule Targets, Post-Release Defect Density and Cost Savings to the End User. CMMI Consultants may answer this question by taking input from the post below:

Leave a Reply Cancel reply


Sidebar

Search

DQS Contact Info

Rajendra Khare (MD)
DQS Certification India Private Limited
Mobile: +91-9810268573
Phone: +91-11-27025910
USA Phone: 703-574-4929, 703-574-4962
E-mail: rkhare@dqsindia.com
Website: http://www.dqsindia.com

About Author


Rajendra's LinkedIn Profile
Rajendra is a qualified and certified Lead Appraiser and Instructor for the following :

  • Certified Lead Appraiser - DEV V2.0
  • Certified Lead Appraiser - SVC V2.0
  • Certified Instructor - Building Development Excellence V2.0
  • Certified Instructor - Building Service Excellence V2.0
  • Certified Instructor - Foundations of Capability V2.0
  • Certified Instructor - High Maturity Concepts
  • Certified Instructor - Partner-Led CMMI V2.0 Upgrade Training
  • SCAMPI High Maturity Lead Appraiser (Certified)
  • Certified SCAMPI v1.3 Lead Appraiser for Acquisition (Certified)
  • Certified SCAMPI v1.3 Lead Appraiser for Development (Certified)
  • Certified SCAMPI v1.3 Lead Appraiser for Services (Certified)
  • Certified Introduction to CMMI-DEV v1.3 Instructor (Certified)
  • Certified Services Supplement for CMMI-DEV Instructor (Certified)
  • Certified CMMI-DEV Level 2 for Practitioners Instructor (Certified)
  • Certified CMMI-DEV Level 3 for Practitioners Instructor (Certified)
  • Certified SCAMPI B & C Team Leader for Acquisition (Certified)
  • Certified SCAMPI B & C Team Leader for Development (Certified)
  • Certified SCAMPI B & C Team Leader for Services (Certified)

View Rajendra's complete profile

Categories

  • Approach to CMMI Certification
  • AS-IS Assessment
  • CMMI
  • CMMI Assessment
  • CMMI Appraisal Sponsor
  • CMMI and ISO
  • CMMI and Security
  • CMMI Benefits
  • CMMI Certification
  • CMMI Compliance
  • CMMI Constellation
  • CMMI Consultant
  • CMMI Consultants
  • CMMI Events
  • CMMI for Development
  • CMMI for Services
  • CMMI High Maturity
  • CMMI Implementation
  • CMMI Institute
  • CMMI Maturity Level 3
  • CMMI Maturity Level 4
  • CMMI Maturity Level 5
  • CMMI Product Suite Services
  • CMMI Toolkit
  • CMMI Tools
  • CMMI Training
  • CMMI Webinar
  • HDI Certification
  • Information Security
  • Mars-e
  • Metrics
  • On Line Consulting
  • Personnel Certifications
  • Process Area
  • Process Mapping
  • Requirements Management
  • SEPG
  • Software Quality
  • Standards for Certification
  • Top / Senior Management
© 2019 Copyright © 2017 CMMI Consultant Blog.
Back to top
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
%d bloggers like this: