{"id":501,"date":"2012-02-06T16:37:42","date_gmt":"2012-02-06T14:37:42","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=501"},"modified":"2012-02-06T16:37:42","modified_gmt":"2012-02-06T14:37:42","slug":"bsimm3-security-maturity-and-software-development","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=501","title":{"rendered":"BSIMM3, Security Maturity and Software Development"},"content":{"rendered":"<p><a href=\"http:\/\/bsimm.com\/\">BSIMM3<\/a> is a model and tool for comparing your maturity against the industry average (earth); see the figure below.<\/p>\n<blockquote>\n<p>BSIMM = The Building Security In Maturity Model<\/p>\n<\/blockquote>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/02\/bsimm3fakefirmvsearth42-1.png\"><img loading=\"lazy\" height=\"455\" alt=\"BSIMM3FakeFirmvsEarth42\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/02\/bsimm3fakefirmvsearth42-1-small.png\" width=\"640\" \/><\/a><\/p>\n<p>42 <a href=\"http:\/\/www.bsimm.com\/community\/\">companies<\/a> have participated in this BSIMM project. 
Some of the company names are public: Adobe, Aon, Bank of America, Capital One, The Depository Trust &amp; Clearing Corporation (DTCC), EMC, Fannie Mae, Fidelity, Google, Intel, Intuit, Mashery, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, SAP, Scripps Networks Interactive, Sony Ericsson, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, Visa, VMware, Wells Fargo, and Zynga.<\/p>\n<p>The 42 companies represent industries as follows:<\/p>\n<ul>\n<li>financial services (17)<\/li>\n<li>independent software vendors (15)<\/li>\n<li>technology firms (10)<\/li>\n<li>telecommunications (3)<\/li>\n<li>insurance (2)<\/li>\n<li>energy (2)<\/li>\n<li>media (2)<\/li>\n<li>healthcare (1)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>BSIMM3 describes 109 <a href=\"http:\/\/bsimm.com\/online\/\">activities<\/a> organized in 4 domains and 12 practices.<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/02\/bsimm3-practises.png\"><img loading=\"lazy\" height=\"288\" alt=\"BSIMM3-practises\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/02\/bsimm3-practises-small.png\" width=\"640\" \/><\/a><\/p>\n<p>The term <a href=\"http:\/\/bsimm.com\/vbsimm\/\">vBSIMM<\/a> is used for <strong>Vendor<\/strong> Control in the BSIMM. It includes five specific activities:<\/p>\n<ul>\n<li>Compliance &amp; Policy activity 2.4: Paper all vendor contracts with SLAs compatible with policy.<\/li>\n<li>Compliance &amp; Policy activity 3.2: Impose policy on vendors.<\/li>\n<li>Standards and Requirements activity 2.1: Communicate standards to vendors.<\/li>\n<li>Standards and Requirements activity 2.5: Create SLA boilerplate.<\/li>\n<li>Training 3.2: Provide training for vendors or outsource workers.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>BSIMM3 is a model and tool for comparing your maturity against the industry average (earth); see the figure below. 
BSIMM = The Building Security In Maturity Model 42 companies have participated in this BSIMM project. Some of the company names are public: Adobe, &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=501\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[53,26],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/501"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=501"}],"version-history":[{"count":0,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/501\/revisions"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}