A Review of the Organizational Security Risk Management Process


Security risk management (SRM) remains challenging for organizations, especially when working towards SRM effectiveness. Challenges such as data breaches, insufficient information technology funding, and cyber threats present increasing complexities when organizations work to address them. Addressing those complexities extends to both the SRM internal capabilities and overall process effectiveness, but little is known about how to measure the SRM process, both internally and externally. Using the Software Engineering Institute's Capability Maturity Model Integration (SEI-CMMI) framework's Services (SVC) model and related Risk Management (RSKM) process area, this study provides insights on the internal and external operational effectiveness of the organizational SRM process.

