Please read my guest blog post over at IT Knowledge Exchange.  It covers the topic of: Capability and Maturity Model Creation in Information Security.

The post references the following capability and maturity model (CMM) resources:

Also, Katie Moussouris reminded me of the Microsoft SDL Optimization Model.