Monday, March 09, 2009

Building Security In Maturity Model Partly Applies to Detection and Response

Gary McGraw was kind enough to share a draft of his new Building Security In Maturity Model. I'm not a "software security" guy but I found that the Governance and Intelligence components of the Software Security Framework apply almost exactly to anyone trying to build a detection and response, or "security operations", center. Consider:

I think the whole document is just what the software security world needs, but the two sections should apply equally well, and almost without any modification, to someone trying to build a detection and response operation or at least trying to assess the maturity of their operation.


Richard Bejtlich is teaching new classes in Europe and Las Vegas in 2009. Online Europe registration ends by 1 Apr, and seats are filling. "Super Early" Las Vegas registration ends 15 Mar.

No comments: