Page 1408 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1408

behind the SW-CMM is that the quality of software depends on the
               quality of its development process.

               The stages of the SW-CMM are as follows:


               Level 1: Initial In this phase, you’ll often find hardworking people
               charging ahead in a disorganized fashion. There is usually little or no
               defined software development process.

               Level 2: Repeatable In this phase, basic lifecycle management
               processes are introduced. Reuse of code in an organized fashion begins
               to enter the picture, and repeatable results are expected from similar

               projects. SEI defines the key process areas for this level as
               Requirements Management, Software Project Planning, Software
               Project Tracking and Oversight, Software Subcontract Management,
               Software Quality Assurance, and Software Configuration
               Management.

               Level 3: Defined In this phase, software developers operate
               according to a set of formal, documented software development

               processes. All development projects take place within the constraints
               of the new standardized management model. SEI defines the key
               process areas for this level as Organization Process Focus,
               Organization Process Definition, Training Program, Integrated
               Software Management, Software Product Engineering, Intergroup
               Coordination, and Peer Reviews.

               Level 4: Managed In this phase, management of the software

               process proceeds to the next level. Quantitative measures are utilized
               to gain a detailed understanding of the development process. SEI
               defines the key process areas for this level as Quantitative Process
               Management and Software Quality Management.

               Level 5: Optimizing In the optimized organization, a process of
               continuous improvement occurs. Sophisticated software development
               processes are in place that ensure that feedback from one phase

               reaches to the previous phase to improve future results. SEI defines
               the key process areas for this level as Defect Prevention, Technology
               Change Management, and Process Change Management. For more
               information on the Capability Maturity Model for Software, visit the
   1403   1404   1405   1406   1407   1408   1409   1410   1411   1412   1413