NEW YORK – November 11, 2014 –– The Information Security Forum (ISF), a global, independent information security body considered the world's leading authority on cyber security and information risk management, today announced the release of their latest report Time to Grow: Using Maturity Models to Create and Protect Value. The report explains how organizations can make the right decisions about where to develop maturity and introduces a process to select and use an effective and efficient maturity model. This four-phase process can be used with any maturity model and is accompanied by the ISF Maturity Model Accelerator Tool, a high-level maturity model aligned with the ISF’s Standard of Good Practice for Information Security (The Standard).
Maturity is a measure of progress between an immature state and a mature state, rather than the progress itself. For example, when maturity is increased in a particular discipline, the benefit comes from the additional activities that are performed, or performed better, not from the increase in maturity itself. A maturity model consists of a set of characteristics, attributes, indicators or patterns that represent progression or achievement in a discipline. It is a business planning tool that helps organizations target the right amount of maturity at areas that create or protect value.
“Our latest report will help organizations assess their current information security maturity, translate business objectives into a target maturity and develop actionable plans to achieve it,” said Steve Durbin, Managing Director, ISF. “Using a maturity model acts as a catalyst for engagement with the wider business through the process of deciding where to target maturity and agreeing upon the appropriate maturity level. It provides a framework and common language for discussion and debate on how information security can enable the organization to achieve its goals.”
Using a maturity model helps information security build consensus, prioritize investment and demonstrate progress. To get the balance of maturity correct, an understanding is needed of both the eﬀects of maturity and the costs of achieving it. The ISF Maturity Model Accelerator Tool allows users to assess and plan their information security maturity in line with The Standard. The tool can be used as is, or tailored to concentrate on the areas of most value within your organization.
“Using a maturity model is not an end in itself. Rather it is a business planning tool that helps organizations target maturity in the areas that create or protect value,” continued Durbin. “A key aim for the information security function and its leader should be to engage with the organization to agree a target maturity that will support organizational goals, meet compliance requirements and manage information risk. Our latest report provides the necessary detail on the benefits and limitations of using a maturity model, and how to use one to focus time and investment on creating value.”