CISO, how do you measure maturity?
No, it is not how you thought
ISMS maturity is not a measurement of how good the protection of information technology is. It is a measurement of how good we are at improving that protection: adapting to changes in the threat landscape and in the internal information technology environment, and learning from incidents. Each cycle we describe has an input, an output, and a procedure. There are 10 cycles in the maturity journey:
- Discovery Cycle
- Prioritization Cycle
- Verification Cycle
- Remediation Cycle
- Service Desk Cycle
- Knowledge Management Cycle
- Compliance Management Cycle
- Activity Management Cycle
- Quality Management Cycle
- Resources Management Cycle
The first step in the maturity ladder is having a good understanding of what we are protecting. This step is formally described in this article: