
Appendix E ◾ 191
Business
Attribute Attribute Explanation
Metric
Type
Suggested
Measurement
Approach
Soft Independent audit and
review against
Security Architecture
Capability Maturity
Model
2
with respect
to the ability to
prevent repudiations
that cannot be easily
resolved
Owned There should be an entity
designated as “owner” of
every system. This owner is
the policy maker for all
aspects of risk management
with respect to the system
and exerts the ultimate
authority for controlling the
system.
Soft Independent audit
and review against
Security Architecture
Capability Maturity
Model
2
of the
ownership
arrangements and
of the management
processes ...