A few years ago, ESG created a security management maturity model that outlined a progression through four phases of a security management program’s evolution. The goal was to leverage ESG research to uncover success strategies and best practices, then use this information to help CISOs build a security management plan and prioritize the right activities in order to improve security and lower risk, while continuing to build the organization’s security maturity.
CISOs are certainly intent on evolving the maturity of their security management, but many organizations are facing unanticipated problems that are impeding their progress. CISOs face an insidious threat landscape and an avalanche of new technology initiatives that make security management increasingly difficult. Furthermore, enterprise organizations are finding it difficult to recruit and train new security professionals, leaving them under-staffed and over-burdened. Taken together, new security risks and old security challenges often overwhelm legacy security controls and analytics tools.