IT security maturity assessment: a self-evaluation carried out by an organization that shows where it stands in terms of IT security, including its strengths, its weaknesses, and the areas where IT security improvement is needed.
Organizations analyze IT security on the basis of ISO 27002 standards. This tool was intended for use by an institution as a whole, although a unit within an institution may also use it to help determine the Unless otherwise noted, it should be completed by the chief information officer, chief information security officer or equivalent, or a designee, and it takes only a few hours to analyze the overall IT maturity. The rating scale consists of 5 levels, from 1 to 5. The maturity assessment team or individual carefully analyzes every IT security related point and then decides at which level to place it.
Performed Informally = Ad hoc
Planned = Proscribed
Well Defined = Standardized
Quantitatively Controlled = Quantitative
Continuously Improving = Optimized
The key advantages of implementing this program include earlier detection of risk and the development of action plans that will safeguard organizational data against significant business risk and indicates the
1. Include both negative and positive findings.
2. Prioritize findings related to IT security risks.
3. Stay consistent with the methodology and scope.
4. Provide a practical remediation path, accounting for the organization’s strengths and weaknesses.