Intrusion Detection Systems mailing list archives

Jeff Johnson's CMM security model -- any pointers?

From: genek () tripwiresecurity com (Gene Kim)
Date: Fri, 10 Dec 1999 12:52:58 -0800


Hey, all...

A couple of months back, I was talking with Karen Worstell, and she
mentioned some work that Jeff Johnson had done a while back, basically
creating something like a Security Capability Maturity Model.

Does anyone know where I can find a reference to this, and better yet, know
how to reach Jeff Johnson these days?  

The model was pretty interesting.  It reminds me of a presentation that I
saw from Stephen Katz about the Citicorp ISEM model, which measures the
security awareness of an organization, from complacency, awareness,
integration, measurement, and continual improvement.  (My paraphrase,
unfortunately...)

Thanks a bunch...

Cheers,
Gene

Gene Kim (mailto:genek () tripwiresecurity com)
Chief Technology Officer
Tripwire, Inc. (http://www.tripwiresecurity.com)
1631 NW Thurman St., 1st Floor
Portland, OR 97209
Office: 503-223-0280
Fax:    503-223-0182 

Tripwire in the news!
http://www.forbes.com/asap/html/99/0615/feat.htm

Tripwire is Linux World Security Editor's Choice!
http://www.wpi.com/linuxworld/lw-ec-winners.html

Current thread:

Jeff Johnson's CMM security model -- any pointers? Gene Kim (Dec 10)
- Re: Jeff Johnson's CMM security model -- any pointers? Jackie Chan (Dec 10)
- NFR Help Rodolfo Dias (Dec 14)
  - Re: NFR Help Delores A. Quade (Dec 14)
  - Re: NFR Help Marcus J. Ranum (Dec 14)
  - Re: NFR Help Greg Shipley (Dec 14)
  - Re: NFR Help Carric Dooley (Dec 15)
  - NEW TO IDS kbashir () engro com (Dec 15)
    - Web Trends Sec Analyzer Duke Imaizumi (Dec 16)
    - RE: NEW TO IDS Bill Royds (Dec 16)
    - ISS's RealSecure on UNIX Richters, Eriks (Dec 16)

(Thread continues...)