IT Governance, Risk, and Compliance

Apr 9 2009   7:10PM GMT

Measuring Performance – Part III

Robert Davis Robert Davis Profile: Robert Davis

IT security maturity modeling can measure the established control environment and controls within processes. Typically, the defined maturity modeling scale addresses entity-centric processes from an ad hoc to an optimized level. Specifically, a robust maturity model furnishes high-level guidance that aids in appreciating what is required for productive IT safeguarding. Furthermore, an entity-centric service maturity model equips management with the ability to position information assets protection on the maturity scale. Beneficially, after identifying critical IT processes and related controls, maturity modeling enables gaps in capabilities to be identified and presented to management through benchmarking, while illuminating necessary service improvements. Action plans can then be developed to bring identified processes within the desired IT security services target level.

Benchmarking (also known as “best practice benchmarking” and “process benchmarking”) is a process primarily employed for strategic management, in which entities evaluate various aspects of active processes in relation to best practices, usually within their designated business sector. This then allows an entity to develop plans on how to adopt accepted best practices, typically with the intent of improving some facet of performance. Benchmarking may be a singular event, but is commonly treated as a repetitious process in which entities continually seek to challenge their practices.

“View Part I of the Measuring Performance series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: