
How Can Maturity-Based Approaches Better Cybersecurity?
Industries are adopting new approaches to cybersecurity, such as maturity-based and risk-based approaches, and there is no reason to oppose them.
Fremont, CA: Maturity models are used to measure and benchmark clients' information security maturity during assessment consulting engagements. The risk-based approach has solid foundations of its own and is, in fact, nothing new. In reality, it echoes in various ways what businesses have been developing and delivering with clients and associates for many years. To many, the maturity-based and risk-based approaches do not make sense, or even help the industry move forward. And yet the characterization of maturity-based models as "a dog that has its day" is also overstated.
The claim that risk-based approaches are more advanced than maturity-based ones, and that they represent an 'evolution' of cybersecurity practices, is highly disputable. Quantifying maturity-based approaches as leading to over-engineering and over-spending by a factor of 3 compared with risk-based approaches is simply misleading.
These approaches are just different ways of managing, driving, and measuring action around cybersecurity in different situations and different firms; one does not need to be superior to the other. The key lies with the firms: it is they who decide which approach to follow, choosing the one that is right for the firm's management and governance culture and its objectives in cybersecurity. This naturally varies from one organization to another and from one management team to the next.
One trend that is increasingly noticeable is the weakening of traditional risk and compliance drivers around cybersecurity among senior executives. Many firms are committing large amounts to large-scale transformative security programs as the "when-not-if" paradigm around cyber-attacks takes a substantial place in the boardroom. In return, the board expects protection and execution, and it holds the CIOs and CISOs accountable for both.
In such situations, risk takes a back seat, delivery takes center stage, and maturity-based approaches generally function well, as long as they revolve around a clear set of capabilities to be developed through the delivery of transparent, tangible actions to reach a clear target maturity level.
As a matter of fact, it is not essential whether a firm adopts a maturity-driven route or a risk-driven route to ensure it is well protected from cyber threats. The choice does not change the nature and the reality of those threats, and as a result, firms need to have the right measures in place to be well protected.
