HG CMMI Security Process Review

The Capability Maturity Model Integration (CMMI) Security Process Review measures the maturity, effectiveness and efficiency of your organization’s security posture. Based on Carnegie Mellon University’s CMMI framework for process improvement, and leveraging the ISO 2700x security model, Herjavec Group’s CMMI Security Process Review provides a baseline security assessment to help your organization identify current vulnerabilities and areas for improvement.

The ISO 2700x domains reviewed include:

  • Security Policy
  • Organization of Information Security
  • Human Resource Security
  • Asset Management
  • Cryptography
  • Physical and Environmental Security
  • Operational Security
  • Network Security Management
  • Information Systems – Acquisition, Development, Maintenance
  • Supplier Relationships
  • Incident Management
  • Business Continuity Management
  • Compliance

Within each domain, key process areas are reviewed, measured and evaluated based on their maturity. Maturity level rankings are as follows:

[Figure: maturity level rankings]

The CMMI Security Process Review begins with the enterprise customer completing a detailed questionnaire encompassing each of the ISO domains. Following receipt of the document and an initial review, Herjavec Group will schedule a call with the customer for clarification and further investigation. Herjavec Group will then complete the CMMI Security Process Review, providing an average maturity score and percentage for the organization. The output to the customer from a CMMI Security Process Review includes an Executive Summary, the CMMI Security Model and a set of recommendations for improving the organization's score.

To learn more about Herjavec Group’s Security Consulting Practice, or to schedule a CMMI Security Process Review, contact us.