IT security maturity modeling can measure the established control environment and controls within processes. Typically, the defined maturity modeling scale addresses entity-centric processes from an ad hoc to an optimized level. Specifically, a robust maturity model furnishes high-level guidance that aids in appreciating what is required for productive IT safeguarding. Furthermore, an entity-centric service maturity model equips management with the ability to position information assets protection on the maturity scale. Beneficially, after identifying critical IT processes and related controls, maturity modeling enables gaps in capabilities to be identified and presented to management through benchmarking, while illuminating necessary service improvements. Action plans can then be developed to bring identified processes within the desired IT security services target level.
Benchmarking (also known as “best practice benchmarking” and “process benchmarking”) is a process primarily employed for strategic management, in which entities evaluate various aspects of active processes in relation to best practices, usually within their designated business sector. This then allows an entity to develop plans on how to adopt accepted best practices, typically with the intent of improving some facet of performance. Benchmarking may be a singular event, but is commonly treated as a repetitious process in which entities continually seek to challenge their practices.
“View Part I of the Measuring Performance series here“