SOC-CMM forum

Full Version: Doubt with CMMI levels
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello people,

I am currently working on a project for a client, and I am using this amazing framework to improve their capabilities. I am encountering a doubt regarding CMMI levels and I don't finish to understand: Why this levels appear only in Services section (1-Security Monitoring, 2-Security Incident Management, 3-Security Analysis & Forensics ...) from scratch and what is the purpose of them? I mean, I know that it is explained in the Introduction section but apart from that, they appear from a blank document before start covering it, and they don't change if I modify some values; it is like they don't change its value unless I manually modify them.

Moreover, why they go from a gradient format? Let me explain myself, for example, In Security Monitoring (point number 1.2.1 (Key performance indicators)) it starts form CMMI level 2 and it finishes in point number 1.2.11 (service roles & responsibilities) in CMM level 3. Does it mean I can modify myself or it is just a reference value?

Could anyone explain me that? I would really appreciate it! Wink

Thank you so much mates,
AFS
Hi AFS,

THank you for raising this question. The CMMi levels are meant as a reference value. The CMMi for services was used (together with other models) in the initial version of the SOC-CMM. They are not actively used in calaculations, but merely to indicate how that activity would align to CMMi levels (CMMi for services).

In a way, this is a legacy reference from the thesis project. I will reconsider if I still feel this has any added value. If not, it will be removed in the next version.

With kind regards,
Rob van Os