Security level management

This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. Please help improve this article by introducing more precise citations. (May 2017) (Learn how and when to remove this message)

Security level management (SLM) comprises a quality assurance system for information system security.

The aim of SLM is to display the information technology (IT) security status transparently across an organization at any time, and to make IT security a measurable quantity. Transparency and measurability are the prerequisites for improving IT security through continuous monitoring.

SLM is oriented towards the phases of the Deming Cycle/Plan-Do-Check-Act (PDCA) Cycle: within the scope of SLM, abstract security policies or compliance guidelines at a company are transposed into operative, measureable specifications for the IT security infrastructure. The operative aims form the security level to be reached. The security level is checked permanently against the current status of the security software used (malware scanner, update/patch management, vulnerability scanner, etc.). Deviations can be recognised at an early stage and adjustments made to the security software.

In corporate contexts, SLM typically falls under the range of duties of the chief security officer (CSO), the chief information officer (CIO), or the chief information security officer (CISO), who report directly to an executive board on IT security and data availability.