The IT security policy framework is the foundation of an organizations information security program. The framework consists of a library of documents, but is just not a collection of documents. The framework and its documents are used to build an organizations processes, determine appropriate technologies to use, and lay the foundation for policy enforcement. The framework is a… Read More »
Measurement and metrics play a crucial role in improving the security characteristics of software during the development process. This article explores the importance of security metrics and provides guidance on software measurement and analysis based on industry standards such as ISO/IEC 15939 and CMMI. It highlights the key practices for aligning measurement objectives with organizational goals and performing effective measurement and analysis activities. The article emphasizes the significance of addressing security concerns throughout the measurement process and offers insights into formulating measurement objectives to achieve security requirements. Additionally, it provides examples of analytical questions that can help assess vulnerabilities, compliance with security processes, and the identification of critical modules. By implementing these measurement practices, organizations can enhance their software development process to effectively incorporate security requirements. The article emphasizes the need for simplicity in measurements while meeting the information needs of the stakeholders