Integrated Security Process Improvement Framework for Systems and Services

Security of systems and services has been dominant research area in recent years as today’s cloud services, big data and networked systems, especially when they provide wireless application access where personal and confidential data to be transmitted across the networked systems. Numerous tools and technologies are available to ensure system’s security; however, external threats to computer systems and applications residents thereon, are also becoming more and more sophisticated and on the increase. Therefore, the key aim of this research is to integrate security engineering techniques and process with systems development life-cycle and process improvement frameworks. This paper presents a framework that consists of two components: 1) a security assessment model to looks at the existing security infrastructure of an organisation to determine its security maturity level; and 2) a security improvement maturity model to suggest an improvement mechanism for the organisation to progress from one maturity level to the next higher level. The intention is to provide a scheme to improve the organisation’s Systems and network security with the aim that it becomes more efficient and effective than before.