CMMI
CMMI (Capability Maturity Model Integration) is a process improvement maturity model for the development of products and services (see IR Home). It is developed and published by the Software Engineering Institute of the Carnegie Mellon University, Pittsburgh (USA). The documented CMMI processes, which were selected for integration with Risk Management processes, cover activities which guide through the implementation of highly mature development and service processes (CMMI for Development V. 1.2). The CMMI processes themselves are generic and may be applied to various concrete business processes.
Similar to PRINCE2™, CMMI has a very large scope and can thus be used to integrate IT Risk Management with the (re-)design phase of any kind of IT process, i.e. IT Risk Management can be included in the IT process improvement efforts. CMMI is not focussed on projects, like an application development process or a project management framework, but on regular business processes which are executed on a daily basis. During the maturity improvement process execution, valuable information about expected operational risks can be gathered and passed to IT Risk Management. In turn Risk Treatment measures coming from IT Risk Management can be included in the process design.
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...