Posted by Chris McClean on July 27, 2010
After an in-depth survey of IT security and risk professionals, as well as our ongoing work with leaders in this field, Forrester recognized the need for a detailed, practical way to measure the maturity of security organizations. You asked, and we responded. I'm happy to announce that today we published the Forrester Information Security Maturity Model, detailing 123 components that comprise a successful security organization, grouped in 25 functions and 4 high-level domains. In addition to the People, Process, and Technology functions you may be familiar with, we added Oversight, a domain that addresses the strategy and decision making needed to coordinate functions in the other three domains.
Our Maturity Model report explains the research and methodology behind this new framework, which is designed to help security and risk professionals articulate the breadth of security’s role in the organization, identify and fix gaps in their programs, and demonstrate improvement over time.
What makes the Forrester Information Security Maturity Model work?
This was a collaborative effort involving Forrester’s entire Security and Risk team. I provided a lot of the coordination as well as content in the governance, risk, and compliance areas, but relied on my cohorts to fill in the detailed criteria for the other aspects of the model.
Feedback from customers so far has been very positive, but as always, we encourage your comments and questions. Many thanks to those of you who have already offered input.