Implementation and Evaluation of Systems Security for Engineering Capability and Maturity Model

Abstract

Increased use of Electronic and Mobile Businesses (E/M-business) as well as their countless associated applications has introduced a growing concern about information system security. Hence security of software products and services plays a major role in software industry. Since software security feature is not appropriate to be added through the addition of sets of features, it must be designed and integrated with the every phase of the software development life cycle. The aim of this thesis is to measure the capability and maturity of some Sudanese software companies in developing secure software products. In order to achieve above goal, this thesis has used widely accepted standard System Security Engineering Capability Maturity Model (SSE-CMM) as a reference model. Surveys were conducted in some of the local software companies to gather the data regarding the system security engineering practices being performed. Data collected from the surveys were analyzed and were statistically compared. Results obtained from the analysis indicated that security engineering activities practiced by the companies differ from one to another and none of the companies succeeded in achieving SSE-CMM Level 1, which might reflect the actual security practices for the developed software products.