Why mature?
A Cyber Security program has to mature to the level where the Board of Directors, General Counsel, and the C-level executives all agree and are convinced that the program is helping the Organization meet its set objectives and goals.
How to mature?
Maturing the Cyber Security program should be the theme of the Cyber Security Roadmap that CSOs put together and maintain. CSOs must realize that their priority should be fully understanding and aligning with the business objectives and goals of the Organization, rather than just obtaining adequate budget, growing the workforce and deploying every security technology that emerges in the marketplace. The maturity approach has to be systematic and based on a well-recognized framework, so that the executives can understand and appreciate it. While adapting the industry-standard frameworks, it is absolutely acceptable to trim and extend them as necessary based on your Organization's needs. Never underestimate the level of effort required, especially in a long-existing enterprise environment.
My personal preference has been CoBIT, and I have embedded other necessary technical frameworks to create a custom one.
I am intending to blog on CoBIT and other standard controls and examples. Stay tuned on this site and subscribe to the feeds. Your comments are most welcome, and feel free to request viewpoints on areas that concern you!