In business development, a maturity model is a common way to distinguish the capabilities and needs of different companies. The maturity of your security provides a context which, in turn, helps when determining your needs.
Are you eager to know the security maturity level of your organisation? Find out with our newly developed quick scan.
Aspects of a Security Maturity Model
Capability maturity modelling, or CMM, is a process that helps to measure the general effectiveness and efficacy of programs and processes. "Maturity", in this case, relates to the programs and processes in terms of security.
A capability security maturity model defines five distinct maturity levels. Each of these levels indicates that an organisation is at a certain level of optimisation for their security processes.
At this level, there are no security practices in place. Processes are ad hoc and informal. Security is reactive and not repeatable, measurable, or scalable.
At this stage of maturity, there is growing awareness of the need for security. Although there are in place, they are from a business
Within this phase, processes are defined, formalised. This helps quantification from a
At this stage, the to refine and adapt practices to make them more effective and efficient, based on the information received from their
operating at this level, has processes that are automated, Security is an integral part of the business clear business value.
Key process areas of the maturity model
As an organisation progresses from one level to the next, their processes will move from unorganised and unstructured to a level where their data processes run smoothly and are continuously optimized.
There are key process areas (KPAs) that characterize each level of the maturity model. KPAs are a cluster of related practices that, when they are implemented together, satisfy goals that are set to improve a given area of the program.
The following KPAs are what organisations should keep in mind at each level of the maturity model:
- The commitment to perform
- The ability to perform
- The activities performed
- Measurement and analysis of the results
- Verifying the implementation of processes