Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement security policy for an organization. Answer the following questions regarding SAMM: How do organizations generally deploy SAMM Model? Is SAMM a descriptive model or prescriptive model? Write the rationale behind your answer.

Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement security policy for an organization. Answer the following questions regarding SAMM: How do organizations generally deploy SAMM Model? Is SAMM a descriptive model or prescriptive model? Write the rationale behind your answer.

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter5: Developing The Security Program

Section: Chapter Questions

Problem 1E

See similar textbooks

Similar questions

What are your opinions on the relevance of firms beginning the process of system development with the implementation of security measures as early as possible?
The following case studies illustrate how a security framework could be useful during the planning and execution phases. Just how does it work, you ask, this IT governance stuff? To whom do the responsibilities of preparation for organization belong?
A. What conditions must be met to ensure that risk acceptance has been used properly? B. Discuss the concept of an organisation’s competitive advantage against competitors and how it has evolved over the years with the ongoing development of the IT industry. C. Explain why networking components need more examination from an information security perspective than from a systems development perspective. Why must this practice be periodically reviewed? D. With the aid of a diagram, discuss the contingency planning hierarchy. E. What is the DMZ? Discuss whether this is a good name for the function that this type of subnet performs.
Explain in your own words why it is important to design information security into applications during each phase of the SDLC.
The final step in the security risk assessment process is to _____. a. assess the feasibility of implementing each of the identified mitigation measures b. decide whether or not to implement particular countermeasures c. create a chart that identifies loss events, their frequency, and their monetary costs d. analyze the costs and benefits of various countermeasures
How can the principles of DevSecOps be applied to integrate security testing seamlessly into the software development lifecycle?
How precisely can a security framework help in the planning and implementation of a security infrastructure? As compared to other forms of governance, information security governance stands out due to its unique characteristics. Is there a person or group inside the company who should be responsible for making contingency plans?
Discuss the concept of "security testing" in software quality assurance. What are common security vulnerabilities, and how can they be mitigated during development?
do you think that OWASP Dependency CHeck is a better tool (compared to both SimpleRisk and SFK) in terms of vulnerability assessment, as presented in NIST's Secure Software Development Framework?
What are the main reasons to implement security policies within an organization? How is quantitative analysis different from qualitative analysis? What are some or the early steps taken during the initial phases of the system development life cycle? How can pre-employment processing improve the security of an organization?
Describe the five domains of the general security maintenance model
elaborate on the following The following strategies will be used to develop information systems in the future: Continuous threat and system behaviour monitoring Formal methodologies for vulnerability detection Use of testbeds to assess risks in fielded systems Access rights and privileges management Standards for certification and accreditation