Welcome to the Security Capability Assessment Tool, created by CSO Magazine and the Software Engineering Institute’s CERT Coordination Center. This is an exercise for security professionals to assess their current security practices and to determine which practices are repeatable, documented, and regularly reviewed and updated — characteristics that enhance security strategy and policies. The tool is organized into four topic areas — Risk Assessment/Management, Management and Policy, System and Network Management, and Physical Security. Questions within each practice topic area are listed in the recommended order for moving from least capable to more capable.
Sources: CSO Magazine, Software Engineering Institute CERT Coordination Center
Subjects: Best Practices, IT / Technology / E-Business