Security Program Maturity Models
Created by the Security Executive Council
In this security barometer quick poll conducted in 2015, we asked security practitioners to provide a self-assessment of the maturity model level of their programs using the five levels described by the SEI. Below are the results of the poll.
When the practitioners were asked a recovery-related question closely aligning with the lowest level of maturity, 27% said they did not achieve it. Perhaps they did not understand the question, but we expected the percentage to be much lower - close to zero. When participants were asked about metrics (a higher level of maturity), 64% said they did not use business value metrics (metrics that go beyond the initial "counting" of activities, such as the number of background checks performed or the number of badges issued). We hope to see that change over time.
The Security Executive Council is using the knowledge it has obtained through years of research into organizational structure, culture and security processes, as well as input from its experienced Emeritus Faculty (former security executives) and community of leading practitioners, to identify proven security processes and practices. Contact us if you would like the operational maturity of your security programs assessed against leading practices.
Copyright Security Executive Council. Last Updated: August 23, 2018