Security level management
Quality assurance system for electronic information security / From Wikipedia, the free encyclopedia
Security level management (SLM) comprises a quality assurance system for electronic information security.
The aim of SLM is to display the IT security status transparently across a company at any time, and to make IT security a measurable quantity. Transparency and measurability are the prerequisites for improving IT security through continuous monitoring.
SLM is oriented towards the phases of the Deming Cycle/Plan-Do-Check-Act (PDCA) Cycle: within the scope of SLM, abstract security policies or compliance guidelines at a company are translated into operative, measurable specifications for the IT security infrastructure. These operative aims form the security level to be reached. The security level is checked continuously against the current status of the security software used (malware scanner, update/patch management, vulnerability scanner, etc.). Deviations can be recognised at an early stage and adjustments made to the security software.
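The "check" step described above, sketched as an added example that is not part of the original article: a target security level written as measurable specifications and compared against the status reported by the security software. The metric names, thresholds and host data are constructed assumptions.

```python
from dataclasses import dataclass
import operator

OPS = {"<=": operator.le, ">=": operator.ge}

@dataclass(frozen=True)
class Spec:
    """One operative, measurable specification derived from a policy."""
    metric: str
    op: str       # "<=" or ">="
    limit: float

# Plan: the security level to be reached (constructed thresholds).
TARGET_LEVEL = [
    Spec("av_signature_age_hours", "<=", 24),   # malware scanner
    Spec("patch_compliance_pct", ">=", 95),     # update/patch management
    Spec("open_critical_vulns", "<=", 0),       # vulnerability scanner
]

# Current status as reported by the tools (constructed sample data).
STATUS = {
    "ws-001": {"av_signature_age_hours": 6, "patch_compliance_pct": 99, "open_critical_vulns": 0},
    "ws-002": {"av_signature_age_hours": 72, "patch_compliance_pct": 97, "open_critical_vulns": 0},
    "srv-db1": {"av_signature_age_hours": 3, "patch_compliance_pct": 88},  # no scanner report
}

def check_host(status, target=TARGET_LEVEL):
    """Return (metric, observed, requirement) for every unmet specification."""
    deviations = []
    for spec in target:
        observed = status.get(spec.metric)
        # A metric the tool did not report is a deviation, not a silent pass.
        if observed is None or not OPS[spec.op](observed, spec.limit):
            deviations.append((spec.metric, observed, f"{spec.op} {spec.limit:g}"))
    return deviations

def security_level(fleet, target=TARGET_LEVEL):
    """Check: return (percent of specifications met, deviations per host)."""
    report = {host: check_host(s, target) for host, s in fleet.items()}
    total = len(fleet) * len(target)
    failed = sum(len(d) for d in report.values())
    met_pct = round(100 * (total - failed) / total, 1) if total else 0.0
    return met_pct, {h: d for h, d in report.items() if d}

if __name__ == "__main__":
    pct, deviations = security_level(STATUS)
    print(f"security level reached: {pct}% of checks met")
    for host, devs in deviations.items():
        for metric, observed, req in devs:
            print(f"  {host}: {metric}={observed} (required {req})")
```

Run on a schedule, the percentage gives the measurable quantity and the deviation list drives the "act" step.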
SLM falls under the range of duties of the chief security officer (CSO), the chief information officer (CIO) or the chief information security officer (CISO), who report directly to the Executive Board on IT Security and data availability.