CISSP-ISSMP · Question #115
Drag and drop the various SSE-CMM levels at the appropriate places. Answer:
The correct answer is LEVEL 5; LEVEL 2; LEVEL 3; LEVEL 1. The question tests the candidate's understanding of the Systems Security Engineering-Capability Maturity Model (SSE-CMM) by requiring them to match descriptions of process maturity to their corresponding SSE-CMM levels.
Question
Exhibit
Answer Area
Drag items
Correct arrangement
- LEVEL 5
- LEVEL 2
- LEVEL 3
- LEVEL 1
Explanation
The question tests the candidate's understanding of the Systems Security Engineering-Capability Maturity Model (SSE-CMM) by requiring them to match descriptions of process maturity to their corresponding SSE-CMM levels.
Approach. The correct approach involves understanding the definitions and characteristics of each SSE-CMM level and matching them to the provided descriptions:
- First description: 'It focuses on whether an organization or project performs a process that incorporates the BPs.' - This describes the fundamental execution of processes, aligning with SSE-CMM Level 1 (Performed Informally), where the focus is on whether the basic activities are carried out.
- Second description: 'It focuses on project-level definition, planning, and performance issues.' - This directly corresponds to SSE-CMM Level 2 (Planned and Tracked), which emphasizes planning and tracking processes at the individual project level.
- Third description: 'It focuses on disciplined tailoring from defined processes at the organization level.' - This characteristic is key to SSE-CMM Level 3 (Well Defined), where organizational standard processes are established, and projects tailor these processes to their specific needs.
- Fourth description: 'It gains leverage from all the management practice improvements seen in the earlier levels, and then emphasizes the cultural shifts that will sustain the gains made.' - This describes the highest level of maturity, SSE-CMM Level 5 (Optimizing), which focuses on continuous improvement, innovation, and sustaining long-term organizational change.
Therefore, the correct interaction is to drag 'LEVEL 1' to the first description, 'LEVEL 2' to the second description, 'LEVEL 3' to the third description, and 'LEVEL 5' to the fourth description.
Common mistakes.
- common_mistake. Common mistakes include confusing the distinct characteristics of each SSE-CMM maturity level. For example:
- Misplacing Level 3 or Level 5 where Level 1 is expected would be incorrect, as Level 1 represents basic process performance, not organizational standardization or optimization.
- Interchanging Level 2 (focus on project-level planning and tracking) with Level 3 (focus on organization-level defined processes and tailoring) would be a mistake, as they represent different scopes of process maturity.
- Assigning a lower maturity level (e.g., Level 1 or 2) to the description about 'cultural shifts' and 'sustaining gains' would be wrong, as these advanced concepts of continuous improvement and institutionalization are characteristic of Level 5. A general lack of understanding of the progressive nature of maturity models, where each level builds upon the previous one, could also lead to incorrect matches.
Concept tested. The core concept tested is the understanding of the Systems Security Engineering-Capability Maturity Model (SSE-CMM) and the specific characteristics that define each of its maturity levels. Specifically, the question focuses on SSE-CMM Level 1 (Performed Informally), Level 2 (Planned and Tracked), Level 3 (Well Defined), and Level 5 (Optimizing).
Topics
Community Discussion
No community discussion yet for this question.
