CSO and CERT Security Capability Assessment Tool

CSO and CERT Security Capability Assessment Tool:

Welcome to the Security Capability Assessment Tool, created by CSO Magazine and the Software Engineering Institute’s CERT Coordination Center. This is an exercise for security professionals to assess their current security practices and to determine which practices are repeatable, documented, and regularly reviewed and updated -- characteristics that enhance security strategy and policies. Results of the overall Security Capability Assessment Tool findings will be available at CSOonline.com later this year.

HOW IT WORKS
The tool is organized into four topic areas -- Risk Assessment/Management, Management and Policy, System and Network Management, and Physical Security. Questions within each practice topic area are listed in the recommended order for moving from least capable to more capable. The first column captures the presence or absence of a particular practice (initial condition or starting point). The presence of repeatable processes (column 2) indicates greater capability. And the presence of assigned roles (column 3), process documentation (column 4), and process review and update (column 5) is even more capable.

After completing each section and submitting your responses, the tool will calculate your score for each section. Along with your score you will also receive a customized list of online resources tailored to your information needs as determined by the Security Capability Assessment Tool.