Cyber Security Capacity Maturity Model : cybersecurity beyond compliance
In recent years, ‘compliance’ has become a bit of a buzzword within the cyber security sphere. However, whilst companies have been concerning themselves with ticking regulatory boxes, they have lost sight of the outcome. An outcome-driven approach Instead of conducting box-ticking exercises, organizations should be driving information security priorities and investments with an outcome-driven approach that takes their capabilities into account. All too often, businesses assume they can quickly adopt new, sophisticated cyber security schemes where no such capabilities have been before. But this is not the case. Information security programs have to go through a maturation process, and these improvements take time. In much the same way you would teach a child to walk before teaching them to run, organizations’ cyber security programs have to grow up — mature — steadily, taking one cautious step at a time. To understand how ‘mature’ a company’s information security is, cyber security sp