ADDME
The Five-Step Approach to Security Best Practices
In order to streamline security and help achieve security best practices, ISS has developed a five-step process covering the complete security management lifecycle, including phases for Assessment, Design, Deployment, Management and Education (ADDME).
The ADDME process identifies and analyzes gaps in the current security state compared to requirements for security best practices. It then designs and implements solutions to close those gaps and ensure ongoing conformity.
The following phases are part of the ADDME process:
- Phase 1: Assess the current level of information security
- Phase 2: Design and documenting policies, processes and solutions to ensure protection
- Phase 3: Deploy protection technology and services
- Phase 4: Manage the security program to serve business goals
- Phase 5: Educate the organization on security best practices and best-of-breed technology