Security level management
Security level management (SLM) is a quality assurance system for IT security.
The aim of SLM is to make the IT security status of a company visible at any time and to make IT security a measurable quantity. Transparency and measurability are the prerequisites for monitoring IT security proactively, so that it can be improved continuously.
SLM follows the phases of the Deming cycle, also known as the Plan-Do-Check-Act (PDCA) cycle: within the scope of SLM, a company's abstract security policies or compliance guidelines are transposed into operative, measurable specifications for the IT security infrastructure. These operative targets define the security level to be reached.
The security level is checked continuously against the current performance of the security systems (malware scanners, patch management systems, etc.). Deviations can be recognised early and the security systems adjusted. SLM falls within the remit of the chief security officer (CSO), the chief information officer (CIO) or the chief information security officer (CISO), who report directly to the executive board on IT security and data availability.
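As an added illustration of the "Check" step described above (example code written for this page, not part of the article or of any SLM product), the script below turns an abstract patching and malware-protection policy into numeric targets, measures a host inventory against them, and reports every deviation. The target values in `TARGETS`, the `Host` and `LevelReport` types, and the inventory in `SAMPLE_HOSTS` are all constructed assumptions for the example.

```python
"""Added example, not code from the article: the PDCA "Check" step of SLM as a
small script. Abstract policy is turned into operative, numeric targets, the
current state of the security systems is measured against them, and every
deviation is reported. All target values and the host inventory are constructed
for this example."""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Operative targets derived from an abstract policy such as
# "all systems are patched promptly and protected by current malware scanning".
# The numbers are assumptions chosen for this example, not from the article.
TARGETS = {
    "max_patch_age_days": 30,      # a missing critical patch may be at most 30 days old
    "max_signature_age_days": 2,   # malware signatures may be at most 2 days old
    "min_patch_compliance": 0.95,  # share of hosts that must meet the patch target
    "min_av_compliance": 0.98,     # share of hosts that must meet the signature target
}


@dataclass(frozen=True)
class Host:
    name: str
    # Release date of the oldest critical patch still missing; None if fully patched.
    oldest_missing_patch: Optional[date]
    # Date of the malware scanner's currently installed signature set.
    signature_date: date


@dataclass
class LevelReport:
    measured: dict                                   # measured value per metric
    deviations: list = field(default_factory=list)   # target violations, one line each
    unpatched: list = field(default_factory=list)    # hosts failing the patch target
    stale_av: list = field(default_factory=list)     # hosts failing the signature target


def patch_compliant(host: Host, today: date, targets=TARGETS) -> bool:
    """A host meets the patch target if nothing is missing or the oldest gap is young enough."""
    if host.oldest_missing_patch is None:
        return True
    return (today - host.oldest_missing_patch).days <= targets["max_patch_age_days"]


def av_compliant(host: Host, today: date, targets=TARGETS) -> bool:
    """A host meets the malware-scanner target if its signature set is fresh enough."""
    return (today - host.signature_date).days <= targets["max_signature_age_days"]


def check_security_level(hosts, today: date, targets=TARGETS) -> LevelReport:
    """Measure the current security level and list every deviation from the targets."""
    if not hosts:
        raise ValueError("an empty inventory cannot be measured")
    report = LevelReport(measured={})
    report.unpatched = [h.name for h in hosts if not patch_compliant(h, today, targets)]
    report.stale_av = [h.name for h in hosts if not av_compliant(h, today, targets)]
    n = len(hosts)
    report.measured["patch_compliance"] = (n - len(report.unpatched)) / n
    report.measured["av_compliance"] = (n - len(report.stale_av)) / n

    # Compare each measured value with its operative target; each shortfall is a deviation.
    for metric, target in (("patch_compliance", "min_patch_compliance"),
                           ("av_compliance", "min_av_compliance")):
        if report.measured[metric] < targets[target]:
            report.deviations.append(
                f"{metric}: {report.measured[metric]:.0%} measured, "
                f"{targets[target]:.0%} required")
    return report


# Constructed inventory snapshot (not real hosts), measured on SAMPLE_TODAY.
SAMPLE_TODAY = date(2024, 3, 15)
SAMPLE_HOSTS = [
    Host("web01", None, date(2024, 3, 15)),
    Host("web02", date(2024, 2, 1), date(2024, 3, 14)),   # missing patch is 43 days old
    Host("db01", None, date(2024, 3, 10)),                # signatures are 5 days old
    Host("app01", date(2024, 3, 1), date(2024, 3, 15)),   # missing patch is 14 days old, within target
    Host("app02", None, date(2024, 3, 15)),
]


def demo() -> LevelReport:
    return check_security_level(SAMPLE_HOSTS, SAMPLE_TODAY)


if __name__ == "__main__":
    r = demo()
    for metric, value in r.measured.items():
        print(f"{metric}: {value:.0%}")
    for line in r.deviations:
        print("DEVIATION", line)
    print("unpatched:", r.unpatched, "stale signatures:", r.stale_av)
```

Run against the constructed inventory, both metrics come out at 80%, below the 95% and 98% targets, so two deviations are reported together with the hosts that cause them; in a real deployment the inventory would be fed from the patch management system and the malware scanner's reporting interface rather than typed in.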