Drag and drop the various SSE-CMM levels at the appropriate places.
Explanation:
The various SSE-CMM levels are described in the table below.
LEVEL DESCRIPTION
LEVEL 1 It focuses on whether an organization or project performs a process that incorporates the
BPs. A statement characterizing this level would be, “You have to do it before you can manage it.”
LEVEL 2 It focuses on project-level definition, planning, and performance issues. A statement
characterizing this level would be, “Understand what’s happening on the project before defining
organization-wide processes.” LEVEL 3It focuses on disciplined tailoring from defined processes at
the organization level. A statement characterizing this level would be, “Use the best of what you’ve
learned from your projects to create organization-wide processes.”
LEVEL 4It focuses on measurements being tied to the business goals of the organization. Although it
is essential to begin collecting and using basic project measures early, measurement and use of data
are not expected organization-wide until the higher levels have been achieved. Statements
characterizing this level would be, “You can’t measure it until you know what ‘it’ is,” and “Managing
with measurement is meaningful only when you’re measuring the right things.”
LEVEL 5It gains leverage from all the management practice improvements seen in the earlier levels,
then emphasizes the cultural shifts that will sustain the gains made. A statement characterizing this
level would be, “A culture of continuous improvement requires a foundation of sound management
practice, defined processes, and measurable goals.”
CISM Review Manual 2010, Contents. “Information Security Program Development”