In the literature there are many different maturity models applied in various areas. One of the most famous is the maturity model developed by the Software Engineering Institute. Initially it was developed for software development organizations, but it has evolved and has been applied in other fields. The modern form of this method - CMMI (Capability Maturity Model Integration), is standard, applicable in many areas and branches. The article presents the concept of maturity models as a tool for assessing the existing level of information systems security risk management and for comparing it with the model solution. Thus it is also possible to identify the elements of risk management process that require improvements in order to reach the next - higher level of maturity.
Financed by the National Centre for Research and Development under grant No. SP/I/1/77065/10 by the strategic scientific research and experimental development program:
SYNAT - “Interdisciplinary System for Interactive Scientific and Scientific-Technical Information”.