In business development, a maturity model is a common way to distinguish the capabilities and needs of different companies. The maturity of your security provides a context which, in turn, helps when determining your needs.

Aspects of a Security Maturity Model

Capability maturity modelling, or CMM, is a process which helps to measure the general effectiveness and efficiency of programs and processes. “Maturity”, in this case, relates to those programs and processes in terms of security.

A capability security maturity model defines five distinct maturity levels. Each of these levels indicates that an organisation is at a certain level of optimisation for their security processes.

At this level, there are no security practices in place. Processes are ad hoc and informal. Security is reactive and not repeatable, measurable, or scalable.

At this stage of maturity, there is growing awareness of the need for security. Although there are some procedures in place, they are relatively unjustified from a business

Within this phase, processes are defined, standardised and formalised. This helps create consistency across the organisation, allowing measurement and quantification from a security viewpoint.

At this stage, the organisation begins to refine and adapt their security practices to make them more effective and efficient, based on the information received from their

An organisation operating at this level has processes that are automated, formalised, and constantly analysed for optimisation. Security is an integral part of the business culture, delivering clear business value.

Key process areas of the maturity model

As an organisation progresses from one level to the next, its processes move from unorganised and unstructured to a level where its data processes run smoothly and are continuously optimised.

There are key process areas (KPAs) that characterise each level of the maturity model. KPAs are a cluster of related practices that, when implemented together, satisfy the goals set to improve a given area of the program.

The following KPAs are what organisations should keep in mind at each level of the maturity model:

  • The commitment to perform
  • The ability to perform
  • The activities performed
  • Measurement and analysis of the results
  • Verifying the implementation of processes

