Dark Reading is part of the Informa Tech Division of Informa PLC



9/19/2019
07:00 AM
Ericka Chickowski

The 20 Worst Metrics in Cybersecurity

Security leaders are increasingly making their case through metrics, as well they should - as long as they're not one of these.


Capability Maturity Model Integration Scores
Says Brad Nigh, director of professional services and innovation at FRSecure: 'Organizations often use CMMI as a classification of how mature components of their security programs are. CMMI focuses on process and documentation with the benefit of being able to plug a new employee in with minimal concern of disruption to the process/program. The problem with the CMMI scale is that it doesn't factor the value of assets an organization has.
'As a result, you get a false sense of security — an assumption that you're safe because of your well-oiled processes without giving consideration to whether the processes actually work for your environment and if they address your biggest risks/vulnerabilities.'
(Image: Gorodenkoff via Adobe Stock)


Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.