search menu icon-carat-right cmu-wordmark

The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management

Technical Report
In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2004-TR-010
DOI (Digital Object Identifier)
10.1184/R1/6585107.v1

Abstract

Every organization has a mission that describes why it exists (its purpose) and where it intends to go (its direction). The mission reflects the organization's unique values and vision. Achieving the mission takes the participation and skill of the entire organization. The goals and objectives of every staff member must be aimed toward the mission. However, achieving goals and objectives is not enough. The organization must perform well in key areas on a consistent basis to achieve the mission. These key areas—unique to the organization and the industry in which it competes—can be defined as the organization's critical success factors. 

The critical success factor method is a means for identifying these important elements of success. It was originally developed to align information technology planning with the strategic direction of an organization. However, in research and fieldwork undertaken by members of the Survivable Enterprise Management (SEM) team at the Software Engineering Institute, it has shown promise in helping organizations guide, direct, and prioritize their activities for developing security strategies and managing security across their enterprises. This report describes the critical success factor method and presents the SEM team's theories and experience in applying it to enterprise security management.

Cite This Technical Report

Caralli, R., Stevens, J., Willke, B., & Wilson, W. (2004, July 1). The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management. (Technical Report CMU/SEI-2004-TR-010). Retrieved March 28, 2024, from https://doi.org/10.1184/R1/6585107.v1.

@techreport{caralli_2004,
author={Caralli, Richard and Stevens, James and Willke, Bradford and Wilson, William},
title={The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management},
month={Jul},
year={2004},
number={CMU/SEI-2004-TR-010},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6585107.v1},
note={Accessed: 2024-Mar-28}
}

Caralli, Richard, James Stevens, Bradford Willke, and William Wilson. "The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management." (CMU/SEI-2004-TR-010). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, July 1, 2004. https://doi.org/10.1184/R1/6585107.v1.

R. Caralli, J. Stevens, B. Willke, and W. Wilson, "The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2004-TR-010, 1-Jul-2004 [Online]. Available: https://doi.org/10.1184/R1/6585107.v1. [Accessed: 28-Mar-2024].

Caralli, Richard, James Stevens, Bradford Willke, and William Wilson. "The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management." (Technical Report CMU/SEI-2004-TR-010). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Jul. 2004. https://doi.org/10.1184/R1/6585107.v1. Accessed 28 Mar. 2024.

Caralli, Richard; Stevens, James; Willke, Bradford; & Wilson, William. The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management. CMU/SEI-2004-TR-010. Software Engineering Institute. 2004. https://doi.org/10.1184/R1/6585107.v1