Cấp 5 Nâng cao năng lực tổ chức 5,2 Cải thiện hiệu quả quá trình mô tả tương ứng của năm cấp độ được đưa ra như sau: * ✦ Cấp 1, "Biểu diễn chính thức, tập trung vào việc một tổ chức hoặc ject chuyên nghiệp thực hiện một quá trình kết hợp các BPs. Một tuyên bố đặc trưng cho mức độ này sẽ được, | Chapter 5 Security Architecture and Models 285 Level 5 Improving Organizational Capability Improving Process Effectiveness The corresponding descriptions of the five levels are given as follows Level 1 Performed Informally focuses on whether an organization or project performs a process that incorporates the BPs. A statement characterizing this level would be You have to do it before you can manage it. Level 2 Planned and Tracked focuses on project-level definition planning and performance issues. A statement characterizing this level would be Understand what s happening on the project before defining organizationwide processes. Level 3 Well Defined focuses on disciplined tailoring from defined processes at the organization level. A statement characterizing this level would be Use the best of what you ve learned from your projects to create organization-wide processes. Level 4 Quantitatively Controlled focuses on measurements being tied to the business goals of the organization. Although it is essential to begin collecting and using basic project measures early measurement and use of data is not expected organization-wide until the higher levels have been achieved. Statements characterizing this level would be You can t measure it until you know what it is and Managing with measurement is only meaningful when you re measuring the right things. Level 5 Continuously Improving gains leverage from all the management practice improvements seen in the earlier levels and then emphasizes the cultural shifts that will sustain the gains made. A statement characterizing this level would be A culture of continuous improvement requires a foundation of sound management practice defined processes and measurable goals. Information Security Models Models are used in information security to formalize security policies. These models might be abstract or intuitive and will provide a framework for the understanding of fundamental concepts. In this section three types of models
