ISO/IEC 27001

ISO/IEC 27001 is the international version of the long-standing BS7799-2. Since October 2005, ISO 27001 has replaced BS7799-2:2002 as the international standard for information security management systems (ISMS). ISO 27001 is now the standard against which an ISMS will need to be certified, and it is the standard that organizations will increasingly use to demonstrate regulatory compliance and effective business risk management.

Difference between Capability Level and Maturity Level

The Concept of capability level and maturity level

ISO 15504 defines a capability level, and CMMI defines both a capability
level and a maturity level. What exactly is the difference between capability
level and maturity level? I shall try to explain the difference using an


Maturity levels in real life

Consider a person named M. When he was a one-year-old child, just like
any other one-year-old, he could barely walk and speak. For the purposes of our
analogy, we consider this stage level one.

Now we look at person M again when he is a five year old child. At this stage he
can walk and run, and has basic reading and writing skills. This stage is level

When M is a 15-year-old student, his reading and writing skills have developed
significantly, he has knowledge in a variety of subjects, and he is developing
his analytical and problem-solving skills. This is the level three stage.

At 25 years of age, he has completed his professional education and has started
working in an organization. He now applies his writing, speaking and
analytical skills for professional purposes, and he also has the skills to
drive a vehicle. This stage is identified as level four for our analogy.

Years pass by and Mr. M now runs his own business. He has successfully applied
his planning and decision-making skills to make his business venture a success.
We identify this stage as level five for our analogy.

Productivity measured in LOC?

LOC can be used as a measure of productivity.
But doing so relies on the following assumptions.

1. LOC counting is standardized. There is a uniform method for counting lines and this method is applied across projects.
2. Different technologies, domains, languages and methods used for development are segregated, and productivity is computed separately for each.

An overall productivity measure for the project can be obtained by taking LOC productivity into account. The assumptions are:

1. For a given domain and development approach, the final LOC is a normalized measure of size.
2. Therefore the effort involved in requirements, design, developing test cases, and conducting testing will be proportional to the size in LOC. The relation between size and effort is not linear but exponential.

