Often just another squeeze on a security team's time, maturity assessments are a key part of any cyber security
program.
While the scores behind maturity can be misinterpreted as a measure of
how secure an organization is, capability building around maturity does create
resiliency and strengthen many of the cross-company business processes
underlying a sound security program.
Each maturity line item worked on is like a step in a slow, purposeful
journey.
Maturity is a journey of noteworthy, sustained engagement with an underlying work plan and process,
one that is easy to explain to executives.
The standards are defined, perhaps by security, compliance,
or the business process owner.
Some work is done to meet what are perceived to be the standards.
Key question at this point: On to the next item? Or is there still value to be squeezed from the process?
In our organization, the work is wrapped up and sent to internal
IT audit, which follows a quarter behind.
No years of waiting for the next assessment.
Fresh recent feedback for the business process owner.
Immediate value from your IT audit team into your cyber security
program.
A noteworthy, sustained audit trail for the next maturity assessment.
A juice worth the squeeze.
Follow me on Twitter for discussion and the latest blog
updates: @Opinionatedsec1. Or, start your own discussion using
#crazygoodcyberteams on Twitter or LinkedIn and I'll read it.