CISO, how do you measure maturity?

No, it is not how you thought

Vicente Aceituno Canal
The CISO Den

ISMS maturity is not a measurement of how good the protection of information technology is. It is a measurement of how good we are at improving that protection, adapting to changes in the threat landscape, changes in the internal information technology environment, and learning from incidents. Each cycle we describe will have an input, an output, and a procedure. There are 10 cycles in the maturity journey:

  • Discovery Cycle
  • Prioritization Cycle
  • Verification Cycle
  • Remediation Cycle
  • Service Desk Cycle
  • Knowledge Management Cycle
  • Compliance Management Cycle
  • Activity Management Cycle
  • Quality Management Cycle
  • Resources Management Cycle

The first step in the maturity ladder is having a good understanding of what we are protecting. This step is formally described in this article:
